Page 1 of 1

fread or whatever php code from php page

Posted: Sun Nov 26, 2006 2:35 pm
by tsg
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I am trying to write a script to open php files on my website, read the code, remove code that a f*****g hacker put on there and then save it.

example, I have a page (well, a LOT of pages) that was created from my content management system, say "page.html". 

In that page.html, I have something like :

Code: Select all

<? page_id=1;
include "/path/to/main.php"';
?>
Well, my server was hacked and attached and all pages that were created by my system had coded added to the pages ... noW the pages are:

Code: Select all

<? page_id=1;
include "/path/to/main.php"';
ALL KINDS OF CODE TO SOME RUSSIAN WEBSITE HAD BEEN ADDED HERE
?>
I have been trying file_get_contents and fread ... but it seems to return the outputed HTML, not the PHP code.

IS there a way to read just the PHP code and I can str_replace and the write it back?

Thanks -Tim


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sun Nov 26, 2006 5:24 pm
by brendandonhue
You need to use a filesystem path to the files (/home/username/www/blah.php rather than yoursite.com/blah.php)
And hopefully you've fixed the problem that compromised your site in the first place, or it will probably just get defaced again.

Posted: Sun Nov 26, 2006 9:15 pm
by boo_lolly
brendandonhue wrote:You need to use a filesystem path to the files (/home/username/www/blah.php rather than yoursite.com/blah.php)...
that's exactly what he did.

tsg, you have a unique problem. i didn't say uncommon. the first thing that comes to mind is if you are using a *nix system, or have a windows version of the shell (like putty) you should try the 'grep' command. if you are not using a shell i would recommend starting right NOW. if you are unfamiliar with the cli shell you should go here to get an introduction. search for all the files (using the command grep) that contain the HTML output that is displayed as your pages' content.

once it has returned a list of all the files that contain your search query, open them up with the vim editor if you have a microsoft or mac operating system. if you are using a *nix system it should have been installed with your distro under the name vi editor (no 'm'). if you are not familiar with editing with the vi/vim editor now is a good time to start. both editors respond to the same commands, afaik. using the vi editor you can repeat the same series of commands (which should only turn out to be 3, maybe 4 total) on every file that contained the content of your search query.

i'm sure there's a way to do it in php. but wouldn't you feel more content with your site if you deleted the over-script for good? i'm pretty sure, also, that most everybody here will agree that it is a good idea to learn the above material, if you haven't already. if you haven't, this would be the perfect issue to solve using the shell and vi/vim as a beginner. hope this helps. good luck!

Posted: Mon Nov 27, 2006 5:45 am
by tsg
I got it working. I was using the path, but wasn't displaying what I wanted to see ... but was in the source code.

I have fixed the security issue, but they have left so much behind don't know if I will find it all.

Thanks