
Script to search for 'hacker' inside of files

Discussion in 'General Discussion' started by SeaLuvR69, Aug 30, 2008.

  1. SeaLuvR69

    We've had a few PHP programs get 'hacked' and we wanted to search the entire /home directory for a certain word inside of any PHP file. We have this script that actually deletes files, but we want to modify it to just write the /path/file.names inside of a .TXT file. As you can see from the {print "rm -rf " $2} command, this will delete the file. Any suggestions on how to write any files it finds to a .TXT file? It would need to add each /directory/file it finds to a new line.

    find /home/ -name "*".php -type f -print0 | xargs -0 grep CrazyHacker16 | uniq -c | sort -u | cut -d":" -f1 | awk '{print "rm -rf " $2}' | uniq
     
  2. webicom

    Hi,

    Yes, you can do this with a command like this:

    find /home/username/public_html -name "*".php -type f -print0 | xargs -0 grep "text you are looking for" | uniq -c | sort -u | cut -d":" -f1 > nameasyouwant.txt

    This command will look for text inside all PHP files under an account (you can change /home/username/public_html to whatever, even just /home, but it will scan longer), and if it finds the text pattern it will do nothing but output to your nameasyouwant.txt file. You can find that file in /root and look to see if the scan found something. If it did, you will see the path to the file which contains the text pattern.

    Regards, Erik
     
  3. AndyReed

    Here is a working version of your command:
    Code:
    /usr/bin/find /home/WHATEVER -name "*.php" -type f -print0 | xargs -0 grep WORD_YOU_LOOK_FOR | uniq -c | sort -u | cut -d":" -f1 | awk '{print "" $2}' | uniq
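
An added example, not part of any post in this thread: the same report-only search written so that each matching file is listed once even when its path contains spaces or a colon, which the `cut -d":" -f1` step in the pipelines above would truncate. The function name `list_php_matches` and its argument order are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): list PHP files that contain a fixed
# string, one path per line. Nothing is deleted or modified.
#
# list_php_matches ROOT PATTERN REPORT   (hypothetical name and arguments)
#   ROOT    directory to search, e.g. /home or one account's public_html
#   PATTERN literal text to look for (not treated as a regular expression)
#   REPORT  file that receives the matching paths
# Prints the number of matching files on stdout.
list_php_matches() {
    if [ "$#" -ne 3 ] || [ ! -d "$1" ] || [ -z "$2" ]; then
        echo "usage: list_php_matches ROOT PATTERN REPORT" >&2
        return 2
    fi

    # grep -l prints each matching file name once, so uniq/cut/awk are not
    # needed and a ':' in a path or in the matched line cannot cut it short.
    # -F matches the pattern literally; '--' ends option parsing so a
    # pattern that starts with '-' is safe.
    # find -exec ... {} + hands file names to grep as arguments, so names
    # with spaces survive. Names containing newlines would still break the
    # one-path-per-line report format.
    find "$1" -type f -name '*.php' -exec grep -lF -- "$2" {} + \
        | sort -u > "$3"

    # Count of report lines; tr strips the padding some wc builds add.
    wc -l < "$3" | tr -d ' '
}

# Direct use: sh script.sh /home CrazyHacker16 /root/matches.txt
if [ "$#" -eq 3 ]; then
    list_php_matches "$@"
fi
```

Keep the report outside the tree being searched (or give it a non-.php name, as here) so a later run does not match its own output.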
     