I'm looking to use the following regex line to remove malicious code from my site;
find -type f -name \*.php -exec sed -i 's/.*eval(base64_decode(\"CmVycm.*/<?php/g' {} \;
This will preserve <?php
which I want but I noticed that many of the injections are throughout php files on multiple lines, meaning not just the very first <?php
So is it possible to do an if do otherwise statement where if its on line 1 of a php file preserve the php tag otherwise remove the entire line if its anywhere else?