来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] grep -r ndash;include=*.php lsquo;[^a-z]eval($_POSTrsquo; . grep.txtgrep -r ndash;include=*.php lsquo;file_put_contents(.*$_POST\[.*\]);rsquo; . grep.txt结合find . -name *......
|
grep -r –include=*.php ‘[^a-z]eval($_POST’ . > grep.txt
grep -r –include=*.php ‘file_put_contents(.*$_POST\[.*\]);’ . > grep.txt 结合find . -name “*.php”-type f -print0|xargs -0 egrep “(phpspy|c99sh|milw0rm|eval\(gzuncompress\(base64_decode|eval\(base64_decode|spider_bc|gzinflate) ”|awk -F: ‘{print $1}’|sort|uniq 查找的更彻底 find -type f -name \*.php -exec chmod 444 {} \; find -mtime -1 -type f -name \*.php find /websitedir/ -type f -name “*.php” |xargs grep “eval(” > /home/test.txt find ./ -name “*.php” -type f -print0|xargs -0 egrep “(phpspy|c99sh|milw0rm|eval\(gunerpress|eval\(base64_decode|spider_bc)”|awk -F: ‘{print $1}’ |sort|uniq find ./ -name “*.php” -type f -print0|xargs -0 egrep “(phpspy|c99sh|milw0rm|eval\(gunerpress|eval\(base64_decode|spider_bc)”|awk -F: ‘{print $1}’ |sort|uniq /websitedir/www.2cto.com 改成你自己的论坛 程序目录 最后看这个test.txt 文件 看看有没有特别的非论坛程序 如果不是你自己上传的 那请备份 好删除 Find ./ -Name “*.Php” | Xargs Grep ‘Eval($_POST’ Find ./ -Name “*.Php” | Xargs Grep ‘Phpspy’ 查杀木马、后门 常见的一句话后门: grep -r –include=*.php ‘[^a-z]eval($_POST’ . > grep.txt grep -r –include=*.php ‘file_put_contents(.*$_POST\[.*\]);’ . > grep.txt 作者:问君几多愁 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
