This was addressed briefly here: Removing a string in a PHP file with Start and End but I'm looking for a solution to the same code. The first line of every PHP file on the server begins with <?php if(!isset($GLOBALS[
and ends with -1; ?>
. and in the middle is a long string of code that varies from file to file.
I'm trying to come up with a script to remove this line from all files. I'm running into the same wall as the guy in the previous post.
Using:
sed -e '1 s/^<\?php if(!isset($GLOBALS\[.*-1; \?>//' *.php
in a UNIX environment prints the PHP file without the code, but does not save it. What am I missing?
Use sed's -i
option, so that sed modifies the PHP files.
-i[SUFFIX], --in-place[=SUFFIX]
edit files in place (makes backup if extension supplied)
The [SUFFIX] part is optional but some sed implementations require you to provide it.
In your case, you could try this:
sed -i.bak 's/^<\?php if(!isset($GLOBALS\[.*-1; \?>//' *.php
Read man sed
for more info.
I wrote a script to clean all files in all directories and sub directories. I recommend you backup 1st. This is done from inside the shell
First create a file called fixmacro
in your home directory and add the following 2 lines to it
:1/ua=strtolower/s/^.*<?php$/<?php/
:wq
Next from the directory where the infected files are or you can run it from your home directory run the following command.
find . -name *.php -exec vi -s ~/fixmacro {} \;
This will go to every php look for the infected lines and remove them. If these are no infected files it resaves the file with no changes/
Got it working, thanks for the advice on using -i. The working command is: sed -i.bak 's/^<\\?php if(!isset($GLOBALS\\[.*-1; \\?>//' *.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.