- Disable Root Login — /etc/ssh/sshd_config
- Change Port to (19132) — /etc/ssh/sshd_config
tar cvzf MyImages-14-09-12.tar.gz /home/MyImages
tar -zxvf data.tar.gz
>>>>grep 'eval(base64_decode("DQplcnJvcl' ./ -Rl > HACKS
Now, using that HACKS file in a loop, we create a backup copy of each injected script with the suffix -HACKED using the following command, in case stripping out the injection accidentally removes any good code:
>>>>for hackFile in `cat HACKS`; do cp -frp "$hackFile" "$hackFile-HACKED"; done
>>>>for hackFile in `cat HACKS`; do sed -i 's#<?php.*eval(base64_decode("DQplcnJvcl.*));#<?php#' "$hackFile"; done
What this sed command does: the -i flag makes an in-place replacement, and the 's# part tells sed we are doing a string replace, with the # symbol as the delimiter between our strings.
The next part is the string we want to replace. It begins with <?php, then uses .* to match any characters at all, followed by eval(base64_decode("DQplcnJvcl, which is the part of the injection we had copied earlier, and finally it ends with another .* to grab all of the rest of the text until the last part of the string, ));, is encountered.
After the second # we put the string that replaces the first one, in this case just <?php. We finish the sed command with another #' and then put $hackFile after the full sed command, since that will be the file name of the current file in our loop.
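The same find, back up and strip procedure as one script, added here as an example and not part of the original notes: it reads the file list line by line so paths containing spaces survive, skips earlier -HACKED copies, and counts changed lines so each cleaned file can be compared against its backup. The function names, the sample tree and the sample payload string are constructed for illustration; GNU grep and sed are assumed.

```bash
#!/bin/sh
# Added example (not from the original notes): the grep / backup / sed steps
# as reusable functions. All function names are hypothetical.
MARKER='eval(base64_decode("DQplcnJvcl'   # injection prefix quoted on this page

# clean_injection DIR: back up and clean every file under DIR that contains
# MARKER. Prints the number of files cleaned.
clean_injection() {
    list=$(mktemp)
    # -F treats MARKER as a fixed string; --exclude skips earlier backups.
    grep -RlF --exclude='*-HACKED' -- "$MARKER" "$1" > "$list" || true
    count=0
    while IFS= read -r f; do              # one path per line, spaces preserved
        cp -p -- "$f" "$f-HACKED"         # backup first, as in the notes
        sed -i 's#<?php.*eval(base64_decode("DQplcnJvcl.*));#<?php#' "$f"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# remaining_infected DIR: number of non-backup files still containing MARKER.
remaining_infected() {
    grep -RlF --exclude='*-HACKED' -- "$MARKER" "$1" | wc -l | tr -d ' '
}

# changed_lines FILE: how many lines of FILE-HACKED were altered in FILE.
# Review any file where a removed line held more than the injected code.
changed_lines() {
    diff -- "$1-HACKED" "$1" | grep -c '^<' || true
}

# make_sample_tree: builds a constructed test tree and prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/my theme"
    # Constructed sample payload: only the DQplcnJvcl prefix is from the page.
    printf '%s\n' '<?php eval(base64_decode("DQplcnJvcl9TQU1QTEU="));' \
        'get_header();' > "$t/my theme/index.php"
    printf '%s\n' '<?php' 'echo "clean";' > "$t/clean.php"
    echo "$t"
}
```

Run clean_injection against a copy of the site first, then check changed_lines for each cleaned file before deleting the -HACKED backups.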
/** MySQL database username */
/** MySQL database password */