Linux command line : edit hacked index files [duplicate] - linux

This question already has an answer here:
Hacked Site - SSH to remove a large body of javascript from 200+ files [closed]
(1 answer)
Closed 2 years ago.
I'm unfortunately once more dealing with a hacked site on a Linux Plesk server. While the issue is fixed with FTP access changed (it got down to the famous Filezilla FTP codes hack on a PC) I'd appreciate to know how to edit files as it may take over an hour to restore the site to the most recent backup we have, and I'd be glad to have it back online faster.
The hack is rather simple: a javascript code was inserted in many index* (only index.php it seems) files in the site.
I'm looking for a way to mass-edit the hacked files, knowing that even though the target javascript code is the same, it is called from a number of probably also hacked sites. So while my legitimate index file used to start with
<?php
it now starts like
<script type="text/javascript" src="http://(RANDOMDOMAINHERE)/facebook.php"></script><?php
As that chain contains a variable, could you help me find a sure-fire method to edit all the changed Index files (about 80 found) ?
I have used a SED replace before but this time part of the chain to replace varies, so could I use a wildcard ?
Best regards, thanks for shedding light !

find -name 'index.php' -print0 |
xargs -0 sed -i '1s#^<script type="text/javascript" src="http://.*\?/facebook.php"></script>##g'
Should do wonders
the sed command:
1 (match in first line)
s#pattern#replacement#g (replace pattern by replacement, not that the latter is empty)
^ must match at start of line
.*\? accept arbitrary length of sequence of characters; however if more than one a match for the whole pattern could be made, only match the shortest possible variant of it
Cheers

I sincerely hope your not actually adminning a production domain. You should inform your users, get the problem fixed, offer the users to go back to a recent backup that hasn't got the problem.
There is no telling what else has been tampered with.
I'm glad my VPS is somewhere else!

I would fix the Cross side scripting exploit before this problem is addressed or it will all be in vain. When thats done a simple search and replace of blocks of script that contain a common string should be sufficient.

Related

Locating files starting with a string for my hw

I have a conundrum and I am not necessarily trying to cheat or anything I am just simply stuck. I am trying to complete an assignment for my intro to Linux class and I was hoping someone would be able to help me find the right solution. I have to:
In the same directory (where the last file was found) list all files
starting with "host" --
Use the long listing format Use a command to
find the file that shows the name of your computer
now the directory in question is /etc and I have tried several commands to no avail for both of these but especially the first one. I have tried find and locate and even attempted a grep and it just is not working as intended. I can't get files that start with "host" at most I keep getting a list of permission denied or files that end in .host and so I am not sure what I am doing wrong but I really need help so I can turn in my assignment. You don't have to tell me what the exact command should be I am just looking for some guidance again I am not trying to cheat just need help to figure it out.
and welcome to Stack Overflow! Here are some pointers.
See globbing in Linux and the * symbol.
"long listing" is an option for ls command, see ls --help. The name of your computer (or, more accurately, the name of your host) is a file in /etc/. You should see it when doing #1.

Linux tool to bulk change a website from http:// to https://

I need to change an entire PHP-based website from http:// to https://. The SSL certificate has already been installed and shows validity.
Now, the website has many many subdirectories, shops, newsletters etc., but stems from one major directory.
Is there either a tool or a methodology I can do this under Linux recursively, i. e. incorporating all various sub-directories in my search and automatically exchange http:// to https://? Is there a way not only to do the exchange but also to save the changed files automatically?
Maybe a stupid question, but I'd appreciate your help a lot so as to prevent myself from going through every single PHP file in every single directory.
The sed command has an in-place option which can be helpful in executing your change. For example
sed -i 's/original/new/g' file.txt
In your case this may work
sed -i 's/http:\/\//https:\/\//g' ./*.php
I would recommend a backup before you try this since the sed command -i option may work differently on your system.
Here is a reference with more information.

mv command failing because destination already exists

Sorry if this has been answered - I tried to search, but didn't find anyone with quite the same issue..
I'm trying to basically move all files from one drive (mountpoint) to another.. I initially used
mv /mnt/old1/* /mnt/disk1
This SEEMS to have been working, but I had a power failure in the middle of it, and when I re-issue the command, it seems to be having issues because the directory structure in the destination already exists, so it's not moving the source files anymore.
Basically, at this point, I'm just trying to merge two directory structures into one. I guess I could cp the structure, but I would really have no way to know if a file was skipped as I do with mv, since if it's still in the source drive, I can assume it wasn't moved..
Is there a better way to do this? I've never used rsync, but from what I'm reading, perhaps this is a better option?
Any help would be greatly appreciated - I've got millions of files (18+tb) to move and I don't want to inadvertently miss something..
Thanks!
Steve
I just tried the following, and it works.
mv -ui /old/* /new/
-u for update mode
-i for query if exist (just for double check, maybe useless)
I do not know whether slash "/" after "/new" matters, and after that, files in /old/ are those not moved.
Hope this can help :)

Finding files using icicles in Emacs under Windows 7

The short version of the question: how can I get icicles to search usefully for files in directories and subdirectories, even if only given a partial match of the filename?
EDIT: The short answer is to use icicle-locate-file in the top level of your directory and use S-Tab (shift-tab) to begin completion rather than plain tab. More details in this answer.
Just as an addendum, I gave up on icicles after this as it took about 10 seconds to find files in the (large) directory tree in question each time I used icicle-locate-file. There may be a way round this delay, perhaps by creating and sets of files 'gathered' by icicles, but I began to feel that the potential benefits were being eroded by the up-front costs of working this out and by the costs of keeping the file sets updated. As the author of icicles points out below, access to *nix's locate command would allow me to use icicle-locate, which is quicker than icicle-locate-file. However, I run on Windows and the Everything utility doesn't work for me. So, back to copious use of IDO and bookmarks that expand to dired buffers.
==========
The longer version... As Emacs (24.3.1) is now my main development environment I have been exploring ways of improving my efficiency, particularly regarding filename completion for some time now. Several excellent answers to this question pointed me to ido-mode and dired-x, both of which I am now using.
Another great recommendation was Emacs' bookmarks. In particular, defining dired buffers as bookmarks and jumping to them using C-x r b mybook1 or even calling C-x r b from the C-x C-f minibuffer (this page was helpful) are two very useful strategies.
A couple of people mentioned anything and its successor helm. I have been unable to get the file location part of either package working on Windows 7. Apparently they depend on the command line version of Everything but this fails for me, as detailed in this question, to which there were some helpful responses but no definitive answers. It seems that it works smoothly on *nix but there's not much discussion of helm-locate etc on Windows. So that counts out helm and anything for filename completion.
Which brings me to icicles. In a question about making find-file search in subdirectories the asker commented that they had taken a look at "ido and icicles, but they seem to work shallowly, only within current directory".
In response to this came a comment on icicles: "you can search for any file on your system, if you want, matching any part of the file name and path" with a pointer to a page on Icicles file name input. While I appreciate the considerable effort that has gone the help pages for icicles, I didn't find this one very useful because it consisted largely of a list of descriptions of icicles functions. What would be useful to me is a tutorial that walks you through finding files.
Let's assume the following.
I am running a Windows 7 installation of Emacs 24.3.1.
I have a top-level directory containing some files and folders. In this case it is c:/iciclestest/.
I know there's a file somewhere in this section of the tree that has "grob" as part of the filename.
I want to use icicles to find this file. I have put (require 'icicles) and (icy-mode 1) in my init file.
So, off we go. Start Emacs in the scratch buffer. Hit C-x C-f. I get a File or directory prompt, with a purple plus sign to the left that I think indicates that this is one of icicles' multi-commands.
Hitting tab gets me this mini-frame, showing me the contents of the current directory.
I hit tab on the folder1 subdirectory and icicles shows me the contents of that, as one would expect.
You can see a couple of files with "grob" in the name.
Right, C-g to clear everything then C-x C-f again. Enter 'grob'. I get a "no prefix completions" message. This surprised me a little because I expected icicles to have some kind of whizzy fuzzy matching like ido-mode.
Okay, maybe I need a different command. Let's try M-x icicle-locate-file, which gives me this prompt:
If I enter 'grob' and hit confirm I just get a new file, as per below.
To recap: what I'd like to be able to do is enter a string and have icicles go and look for files or folders containing that string. My main dev folder has many dozens of directories and thousands of files so a quick find within Emacs would be a godsend.
I realise that the locate command doesn't exist on Windows so functionality will be in some ways limited, but I would have thought a recursive search of files and subdirs from the current dir based on a user-entered string would be straightforward. What am I missing? Am I going about this the right way? Can this be done in icicles?
You need to read the Icicles doc a bit more: use S-TAB instead of TAB for apropos (regexp or substring) completion. That is apparently all you want here: match grob as a substring. (No need for any fuzzy matching for that.)
Since you want files matching grob anywhere under that directory, use icicle-locate-file. Give it that directory as the starting point. (And since you want to match grob anywhere in the file name, use S-TAB for completion.)
Icicles does provide "whizzy fuzzy matching like ido-mode" (in fact a lot whizzier). Ido's "flex" matching is the same as Icicles's "scatter" matching.
You can set the kind of completion you want to be one of the fuzzy-matching types. In the minibuffer, C-( cycles among the prefix-completion methods. M-( cycles among the apropos-completion methods. True fuzzy matching is a prefix completion method. Flex/scatter matching is a poor man's fuzzy matching, and it is an apropos completion method (so use M-( to cycle to it). To change the default matching, so you need not cycle to get the ones you prefer, customize option icicle-S-TAB-completion-methods-alist or icicle-TAB-completion-methods.
In addition to the answer about icicle-locate-file, you can find files that are in marked Dired subdirectories, and their marked subdirectories, etc. recursively, using M-+ C-F (command icicle-visit-marked-file-of-content-recursive), if you use both Icicles and Dired+.
This answer provides the details.

vi text search with exclude (linux)

I have a huge log file (25.3 million lines) with errors and I won't to search it without holding down the up button. How can you search this with vi? I've seen similar at directory levels but not particular files. At the moment I've searched a date e.g. /Tue 15 Jan
and navigated down but I'm not sure when problems may have began (only when noticed) so I need a general search.
My general idea from within the file would be /ORA-/!ORA-00020
meaning that I want to find those strings containing "ORA-" but ignoring those that are "ORA-00020". Any idea how this can be done viewing a particular file?
Thanks for any info
You do
grep -v "ORA\-00020" error.log > error2.log
then you search error2.log
I don't know the exactly way on vi, but we have kind of ways to get the result:
we can use cat/grep commands and write the answers in another file (so we have much smaller file) and then you can search in it, if it will be ok.
you can use vim instead vi and use TagList Vim Plugin.
Additional info at:
http://www.thegeekstuff.com/2009/04/ctags-taglist-vi-vim-editor-as-sourece-code-browser/
http://vim-taglist.sourceforge.net/faq.html

Resources