Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

bash script; delete all files from grep result

Discussion in 'Security' started by whm-expert, May 21, 2013.

  1. whm-expert

    whm-expert Active Member

    Joined:
    Nov 10, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    hello
    i am using bash script to find all php shell scripts

    grep -RPnDskip "(base64_decode) *\(" /home/domain/public_html >> /home/1.txt

    and this is the output
    /home/domain/public_html/qaqa.php:12:$tkl=base64_decode($tkl);

    is there any way so i can delete all output file automatically?
    i mean when the shell script find the word "base64_decode" in "qaqa.php", it will delete the file from the server.
     
  2. whm-expert

    whm-expert Active Member

    Joined:
    Nov 10, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    i solve the problem
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,444
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Would you mind sharing your resolution in-case others have a similar question?

    Thanks :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I usually use xargs. Also, the "l" flag on grep is useful as it makes a list of matching files.

    Say for instance you know every file containing "badstring==' is malicious. You could do this:

    find /home/USERNAME/public_html/ -type f -exec grep -Rl 'badstring==' {} \; > results.txt

    Examine results.txt and MAKE SURE you want to remove the files. A good idea is to chmod 000 them first and make sure your site still functions:

    cat results.txt | xargs chmod 000

    Once you're SURE it's OK to remove the files, then you can

    cat results.txt | xargs rm -f

    If there are spaces in file names in the list, it could cause problems. I normally remove any files with spaces manually, remove those paths from results.txt, and then use the xargs command.

    As always, make sure you have a working backup before you go nuking a bunch of files.
     
    #4 quizknows, May 22, 2013
    Last edited: May 22, 2013
  5. whm-expert

    whm-expert Active Member

    Joined:
    Nov 10, 2012
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    thank you for these information , i use xargs in my bash script, and its work successfully
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice