Linux 服务器,定位仅包含 4 行特定行的文件
我正在处理一个受感染的网站,黑客在其中注入了 htaccess 指令来重定向流量。我可以轻松找到包含转发黑客的 .htaccess 文件,但在目录已包含 htaccess 文件的情况下,它们会附加危险指令,因此我不能删除任何 htaccess 文件,否则可能会通过让以前受密码保护的文件来损害网站目录完全开放,或者 urlrewrite 指令 (WordPress) 被删除等。 我找不到找到仅包含这 4 行重定向黑客的文件的方法,您能透露一些信息吗? 到目前为止,使用
find . -type f -exec grep -q targetpiratedomain {} \; -exec echo rm {} \;
谢谢 !
I'm dealing with a compromised website, in which hackers injected an htaccess instruction to redirect traffic. I can easily locate .htaccess files that contain the forwarding hack, BUT in cases where the directory already contained an htaccess file, they appended the dangerous instructions, so I cannot just deleted any htaccess file or could harm the site by letting formerly pw-protected directories wide open, or urlrewrite instructions (WordPress) be deleted, etc.
I could not find the way to locate files that only contain those 4 lines of redirect hack, could you shed some light ?
So far, using
find . -type f -exec grep -q targetpiratedomain {} \; -exec echo rm {} \;
Thanks !
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
使用 .htaccess 文件之一作为模板。然后发出以下命令:
cmp会将文件与模板文件进行比较,如果返回 true,则执行rm。您可能想首先使用echo或cat而不是rm进行测试。请务必在启动命令之前重命名或移动模板文件,否则模板将在此过程中被删除。
Use one of the .htaccess files as template. Then issue the following command:
cmpwill compare the file to the template file and if this returns true, thermis executed. You might want to test this first withechoorcatinstead ofrm.Be sure to rename or move the template file before starting the command, else the template will be removed during the process.
您可以使用 .htaccess 文件的大小 - 所有简单的文件都应该具有相同的大小?
您还应该限制 find 命令仅包含具有正确名称的文件。
另外,正如评论中那样,您真正应该做的只是从源代码控制恢复站点。
You could use the size of the .htaccess file - all the simple ones should be the same size?
You should also restrict your find command to only include files with the right name.
Also, as in the comments, what you should really do, is just restore the site from source control.