Life as a website administrator is never easy, especially when you run websites that may attract the wrong kind of people, e.g. crackers or script kiddies. One of the most important steps in keeping a website safe is to make sure there is no permission leak on the server caused by careless configuration or overly liberal file permissions.

Shit still happens sometimes when you forget to be careful, and some day some badass figures out the leak on your website and uses it to inject rotten code into every single file on the server (this happens too often on shared servers). Something like this recently happened to one of my clients, who had set 777 permissions on a WordPress plugin directory and all PHP files under it. What happened next is for anyone to figure out, but for the sake of this post, I’ll say that the badass prepended encoded shit to every single PHP file on the client’s server.

So if you ever find yourself in a similar situation and are fortunate enough to have access to the command line on the server, run this command to recursively delete the first line from every single PHP file found in the current folder and its sub-folders (first make sure the encoded stuff hasn’t been injected on the same line that also has the opening PHP tag “<?php”):

or a better version (if you want to find a string of code and delete it):

Conversely, if you want to prepend something recursively to all the PHP files in the current directory, use the following command:

In any of the above commands, if your file type is not PHP, replace “php” with your file type (e.g. *.html for HTML files, *.py for Python files, etc.).
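The cleanup described above, written as a script that only touches files whose first line contains the injected text and that copes with the case where that text shares a line with the real “<?php” opener. This is an added example, not the original post's commands; `MARKER`, `BACKUP_DIR`, `STRIP_AWK`, `clean_tree` and `make_sample` are names chosen here, and the marker string is a constructed placeholder.

```shell
#!/bin/sh
# Added example. MARKER is a constructed placeholder: set it to the exact
# injected text found in your own files. BACKUP_DIR must be outside the
# tree being cleaned (and outside the web root) so originals are not served.
MARKER='<?php /* INJECTED-PLACEHOLDER */ ?>'
BACKUP_DIR=/var/tmp/php-clean-backup

# awk program: cut the literal marker (no regex) out of line 1 only.
# If nothing else was on that line, the line is dropped; otherwise the
# remainder (for example a legitimate "<?php" opener) is kept.
STRIP_AWK='NR == 1 {
    m = ENVIRON["MARKER"]; i = index($0, m)
    if (i) {
        $0 = substr($0, 1, i - 1) substr($0, i + length(m))
        if ($0 == "") next
    }
}
{ print }'
export MARKER BACKUP_DIR STRIP_AWK

# clean_tree DIR [EXT]: clean every *.EXT file under DIR whose first line
# contains MARKER, and print the path of each file that was changed.
# Each original is copied to BACKUP_DIR before it is rewritten in place.
clean_tree() {
    find "$1" -type f -name "*.${2:-php}" -exec sh -c '
        for f do
            head -n 1 "$f" | grep -qF -e "$MARKER" || continue
            mkdir -p "$BACKUP_DIR/$(dirname "$f")" &&
            cp -p "$f" "$BACKUP_DIR/$f" &&
            awk "$STRIP_AWK" "$BACKUP_DIR/$f" > "$f" &&
            printf "%s\n" "$f"
        done' sh {} +
}

# make_sample DIR: build a small constructed tree to try clean_tree on.
make_sample() {
    mkdir -p "$1/sub"
    # marker alone on line 1
    printf '%s\n<?php\necho "a";\n' "$MARKER" > "$1/a.php"
    # marker shares line 1 with real code
    printf '%s<?php echo "b";\n' "$MARKER" > "$1/sub/b.php"
    # clean file, must stay untouched
    printf '<?php\necho "c";\n' > "$1/sub/c.php"
}
```

Try it on a scratch directory built with `make_sample` first, then point `clean_tree` at the real tree once `MARKER` holds the exact injected text.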

Hope it helps somebody in trouble.
