Baba Wild Slots online.Makakuha ng libreng 700pho sa bawat deposito

(@igalmalk)

Hi,

I am not sure how to block this hack, but as a workaround
I wrote a solution which would restore your files even if you dont have any backup,
the below script catches all infected php files on your server, backup them (with it original path),restoring them into it orig state, and also write a summary file with the result
It works great for me (about 21000~ php files scanned and fix in 7min)
In order to use it copy the below code into file on your home directory
name the file php_fix.sh
make it executable by typing
chmod +x php_fix.sh
and run it:
./php_fix.sh y

You may consider add it to your crontab job to run automatically every day.

enjoy

#!/bin/bash

infected_files=0
fixed_files=0
DATE=date +"%d-%m-%y %T"
find . -name "*.php" |grep -v 2fix > php_files.dat

php_files=cat php_files.dat |wc -l

if [ ! ls 2fix ]
then
mkdir 2fix
fi

while read file_name
do
if [[ head -1 $file_name |grep GLOBALS ]]
then
if [[ $1 == "y" ]]
then
fixed_string=head -1 $file_name |grep GLOBALS | awk -F"?>" '{print $3}'
cp --parents $file_name 2fix/
sed -i "1s/.*/$fixed_string/" $file_name
#sed -i "1s/.*/\<\?php/" $file_name
#sed -i '1d' $file_namea
let fixed_files=$fixed_files+1
else
let infected_files=$infected_files+1
fi
fi
done < php_files.dat
echo $DATE, "Scannded files:" $php_files, "Fixed files:" $fixed_files, "Infected: " $infected_files >> fixed_files.dat
exit

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

?????? Advisor and Activist

10 years, 4 months ago

While this code is awesome and does exactly what you say it does (and props for that!), it doesn’t actually solve the problem of the hack in the first place.

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:

https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

davidmanch
(@davidmanch)

10 years, 4 months ago

Hello,
This seems like a great code but when I run it I get this:

./php_fix.sh: line 5: +%d-%m-%y %T: command not found
./php_fix.sh: line 8: php_files.dat: command not found
0
./php_fix.sh: line 10: [: ls: unary operator expected
./php_fix.sh: line 19: conditional binary operator expected
./php_fix.sh: line 19: syntax error near `-1′
./php_fix.sh: line 19: `if [[ head -1 $file_name |grep GLOBALS ]]’

Not sure what I am doing wrong, can you please help? CentOS 6.5

Thread Starter igalmalk
(@igalmalk)

10 years, 4 months ago

Hi,
First, thanks Ipstenu,i’ll use the links you provided, anyhow i never meant to solve the hack with my code, read the first line of my post, I just offer a workaround to people who already got this problem, i am actually not a word press expert at all, im more server side and scripting oriented.

Davidmanch, the problem is not with your server,
seems that the forum engine remove some of the comma signs from the code,
Anyway you welcome to download it from my site at:

https://okgamestudio.com/sites/igal/php_fix.sh

Thanks
Igal

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘First line of all PHP files modified hack – solution’ is closed to new replies.

First line of all PHP files modified hack – solution

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics