Wednesday, May 6, 2015

Finding malware codes on web pages

It is a beginner's trick, not advised for administrators.

Lots of tools are available on Linux to find malware code injected on a server, but most of them do not detect a page whose payload is URL-encoded, because the decoding is done by PHP itself (urldecode). Mostly this happens when the developer or administrator is not aware of the problem of giving 777 permissions to pages on web servers. In these cases a simple JavaScript injection can bring the server down.

We could disable this function, urldecode, but unfortunately that is a bad idea on shared hosting, and most frameworks use URL encode and decode. In that case we can do some manual work to figure out the injected code with the following command.

find . -iname '*php' | xargs grep 'urldecode' -sl

This will list the files that contain urldecode. We can then check each page and remove the injected code.
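The one-liner above only looks for urldecode and prints file names. As an added example (not the post's own script), the shell functions below extend the same idea: they walk a directory for .php files and report file and line number for urldecode together with the other decode-and-execute functions that injected payloads typically chain (base64_decode, gzinflate, str_rot13, eval). The sample tree, the file names and the payload strings in make_sample_tree are constructed for the demonstration and are not from the original page.

```shell
#!/bin/sh
# Added example: scan a directory tree of PHP files for decode/eval-style
# calls that injected code commonly relies on, and report file:line:text.
# Sample files are constructed below; nothing here is the blog's own script.

# scan_php_decoders DIR -> prints "file:line:matching text" for each hit.
# -s: skip unreadable files quietly, -n: line numbers, -E: extended regex.
# /dev/null is passed as an extra file so grep always prints file names,
# even when xargs hands it a single file.
scan_php_decoders() {
    dir="$1"
    find "$dir" -type f -iname '*.php' -print0 \
        | xargs -0 grep -snE \
            'urldecode[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|str_rot13[[:space:]]*\(|eval[[:space:]]*\(' \
            /dev/null 2>/dev/null
    return 0
}

# count_hits DIR -> number of matching lines (a quick triage number)
count_hits() {
    scan_php_decoders "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree: one clean file and one file carrying the
# decode-then-execute pattern the post describes. Prints the directory path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/includes"
    cat > "$d/index.php" <<'EOF'
<?php
echo "hello";
$q = htmlspecialchars($_GET['q'] ?? '');
EOF
    cat > "$d/includes/footer.php" <<'EOF'
<?php
// constructed sample of the injection pattern: decode, then execute
$p = urldecode("%3C%3Fphp%20echo%201%3B");
eval(base64_decode("ZWNobyAxOw=="));
EOF
    printf '%s\n' "$d"
}
```

Run it against a real document root with scan_php_decoders /var/www (path assumed) and review every reported line by hand: legitimate framework code also calls urldecode and base64_decode, so a hit is a lead to inspect, not proof of compromise. The pattern is easy to extend with other functions you consider suspicious in your own code base.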
