Last active
November 10, 2015 22:44
-
-
Save sepehr/ac49a289e24266030e7d to your computer and use it in GitHub Desktop.
PHP/Drupal Malware Remover
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Observe the mess, exclude the unnecessary | |
| # | |
| # -r: Recursive | |
| # -I: Skip binaries | |
| # | |
| grep -rI --color "return base64_decode(\\$.*);" /path/to/www/root | |
| # Clean the mess | |
| # | |
| # -r: Recursice | |
| # -I: Skip binaries | |
| # -l: Show full filenames of matched files | |
| # -Z: Ensures that filenames are zero- (i.e., nul-) terminated so that a name containing white space does not get interpreted in the wrong way | |
| # | |
| # xargs -0: Feeds the filenames from grep to "rm -f", separating words by zero (nul) bytes | |
| # -- is very important to mark the end of options and allow for removal of files whose names begin with "-" character | |
| # | |
| grep -rlIZ "return base64_decode(\\$.*);" /path/to/www/root | xargs -0 rm -f -- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment