Skip to content

Instantly share code, notes, and snippets.

View MohamedGamil's full-sized avatar

Mohamed Gamil MohamedGamil

View GitHub Profile
@frosit
frosit / infectedFiles.md
Created May 5, 2016 22:40
Some commands for finding and clearing infected PHP files

Finding infected files with following bash commands

** Command to list all infected files:

  • grep -lr --include=*.php "eval(base64_decode" /path/to/webroot
  • grep -lr --include=*.php "eval" .
  • grep -lr --include=*.php "base64" .

Command to remove malicious code:

  • grep -lr --include=*.php "eval(base64_decode" /path/to/webroot | xargs sed -i.bak 's/<?php eval(base64_decode[^;]*;/<?php\n/g'