{"id":427,"date":"2010-09-29T01:31:46","date_gmt":"2010-09-28T23:31:46","guid":{"rendered":"http:\/\/www.shukko.com\/x3\/?p=427"},"modified":"2010-09-29T01:31:46","modified_gmt":"2010-09-28T23:31:46","slug":"toplu-r57-c99-vs-shell-yazisi","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2010\/09\/29\/toplu-r57-c99-vs-shell-yazisi\/","title":{"rendered":"toplu r57 c99 vs shell yazisi"},"content":{"rendered":"<p>1- This code will start searching from \/ if no shell argument passed. You may want to adjust this default directory to the location of your apache directory instead for speed purposes.<br \/>\n<code><br \/>\n#!\/usr\/bin\/env bash<br \/>\n# Identifies instances of the c99Shell PHP trojan within PHP files<br \/>\nFIND_LOC=${1:-\/} # Root the find by the a directory provided as argument or default to root<br \/>\necho \"Starting search from $FIND_LOC...\"<br \/>\nfind $FIND_LOC -type f -iname '*.php' -exec grep -qi 'C99Shell' '{}' \\; -print<br \/>\necho \"Complete\"<br \/>\n: # clean exit<br \/>\n<\/code><\/p>\n<p>2- <code><br \/>\nfind \/var\/www\/  -name \"*\".php  -type f -print0  | xargs -0 grep r57 | uniq -c  | sort -u  | cut -d\":\" -f1  | awk '{print \"rm -rf \" $2}' | uniq<br \/>\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1- This code will start searching from \/ if no shell argument passed. You may want to adjust this default directory to the location of your apache directory instead for speed purposes. #!\/usr\/bin\/env bash # Identifies instances of the c99Shell PHP trojan within PHP files FIND_LOC=${1:-\/} # Root the find by the a directory provided [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-427","post","type-post","status-publish","format-standard","hentry","category-kategerisiz"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=427"}],"version-history":[{"count":1,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/427\/revisions"}],"predecessor-version":[{"id":428,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/427\/revisions\/428"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}