dspv70887 2017-05-17 06:47
浏览 70
已采纳

服务器的PHP入侵了。 有没有办法定位特定的字符串+标签?

A friend of mine (who doesn't like strong passwords ...) got his server hacked and i'm trying to help him.

Basically, a lot of php files on the server have had lots of stuff added on line 1 between two php tags.

Something like this:

1. <?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php
2. Line 2 and beyond, the file is unchanged.

So my question is: is there a way via grep - or something else - to just target the first php tags with everything in between to delete it? In the exemple above, on line 1: everything but the second opening php tag.

I know I could target line 1 and just replace with an opening php tag, but to avoid any problem, i would much prefer target and delete the exact thing i want out.

There is way too many files to do it by hand. Any ideas?

</div>
  • 写回答

1条回答 默认 最新

  • doumiao0498 2017-05-17 10:23
    关注

    I fully agree with Ben Hilliers comment. (I mean especially the part with the back-up as I have only little knowledge about PHP.) However...

    The following sed command can be used:

    sed 's/^<?php .* ?>\(<?php.*\)$/\1/'

    Alternatively, it can be done with awk:

    awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'

    or with the additional condition NR==1 to ensures that the test/replacement is done on first line only:

    awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'

    One of these commands (cleverly combined with find) should do the job.

    Please, notice the distinct escapings which are necessary in sed vs. awk.

    And, as Ben Hillier already recommded: Don't forget to backup before.

    Demonstration:

    $ echo '<?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php' \
> | sed 's/^<?php .* ?>\(<?php.*\)$/\1/'
<?php

$ echo '<?php' | sed 's/^<?php .* ?>\(<?php.*\)$/\1/'
<?php

$ echo '<?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php' | awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ echo '<?php' | awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ echo '<?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php' | awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ echo '<?php' | awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ cat >test.txt <<EOF
> <?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php
> // contents
> // contents
> // contents
> ?>
> EOF

$ cat test.txt | sed 's/^<?php .* ?>\(<?php.*\)$/\1/'
<?php
// contents
// contents
// contents
?>

$ cat test.txt | awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php
// contents
// contents
// contents
?>

$ cat test.txt | awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php
// contents
// contents
// contents
?>

$

    Last but not least the awk script for human readers:

    # catch 1st line with a duplicated "<?php"
NR==1 && /<\?php .* \?><\?php/ {
  # replace the line by everything including and after 2nd "<?php"
  $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0)
}
{ print } # print any line
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!
  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?