我有一些网站已遭到攻击并感染了恶意软件。Linux使用字符串查找文件并替换
有800多个文件需要更新,并且每个文件中的字符串完全相同。
我想要做的是找到所有具有恶意软件的文件,然后从文件中删除有问题的字符串。
我已经发现了一些当上基本字符串测试其做工精细的命令行脚本:
perl -pi -w -e 's/string_to_find//g;' test-file.php
,当组合成find命令:
发现。 -type f | xargs grep'string_to_find'-sl | xargs perl -pi -w -e's/string_to_find // g;'
现在,我的问题就是如何让这对这是一个非常漫长而复杂的字符串,字符串工作:
<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir)) {$eva1fYlbakBcVSir = "random_string_7365_characters_long";$eva1tYlbakBcVSir = "string_of_encoded_characters";$eva1tYldakBcVSir = "string_of_encoded_characters";$eva1tYldakBoVS1r = "string_of_encoded_characters";$eva1tYidokBoVSjr = "string_of_encoded_characters";$eva1tYldokBcVSjr=$eva1tYldakBcVSir($eva1tYldakBoVS1r);$eva1tYldakBcVSjr=$eva1tYldakBcVSir($eva1tYlbakBcVSir);$eva1tYidakBcVSjr = $eva1tYldakBcVSjr(chr(2687.5*0.016), $eva1fYlbakBcVSir);$eva1tYXdakAcVSjr = $eva1tYidakBcVSjr[0.031*0.061];$eva1tYidokBcVSjr = $eva1tYldakBcVSjr(chr(3625*0.016), $eva1tYidokBoVSjr);$eva1tYldokBcVSjr($eva1tYidokBcVSjr[0.016*(7812.5*0.016)],$eva1tYidokBcVSjr[62.5*0.016],$eva1tYldakBcVSir($eva1tYidokBcVSjr[0.061*0.031]));$eva1tYldakBcVSir = "";$eva1tYldakBoVS1r = $eva1tYlbakBcVSir.$eva1tYlbakBcVSir;$eva1tYidokBoVSjr = $eva1tYlbakBcVSir;$eva1tYldakBcVSir = "string_of_encoded_characters";$eva1tYlbakBcVSir = "string_of_encoded_characters";$eva1tYldakBoVS1r = "string_of_encoded_characters";$eva1tYldakBcVSir = "";$eva1tYldakBoVS1r = $eva1tYlbakBcVSir.$eva1tYlbakBcVSir;$eva1tYidokBoVSjr = $eva1tYlbakBcVSir;} ?>
现在,当我尝试搜索,并与完整的字符串替换(转义所有的特殊字符)我得到这样的结果:
Possible unintended interpolation of @error_reporting in string at -e line 1.
Name "main::error_reporting" used only once: possible typo at -e line 1.
是否有可能做什么,我试图做的或者说是不可能的字符串来捕捉?我需要以不同的方式转义@符号吗? (我逃过了\和没有工作)
任何帮助 - 我使用bash和Perl
FAQ http://learn.perl.org/faq/perlfaq6.html#How-can-I-quote-a-variable-to-use-in-a-regex- – daxim 2012-03-27 22:21:04
感谢daxim - 我没有想学perl – 2012-03-28 01:17:05