TechnologyTips and Tricks0Remove repeated malicious script using shell script

We can use below code to remove repeated malicious scripts

#!/bin/bash
pattern_1=”<FilesMatch \”.(py|exe|php)$\”>”
pattern_2=”[ ]*Order allow\,deny\n”
pattern_3=”[ ]*Deny from all\n”
pattern_4=”[ ]*<\/FilesMatch>\n”
pattern_5=”[ ]*<FilesMatch \”\^(about.php|radio.php|index.php|content.php|lock360.php)$\”>\n”
pattern_6=”[ ]*Order allow\,deny\n”
pattern_7=”[ ]*Allow from all\n”
pattern_8=”[ ]*<\/FilesMatch>\n”
complete_pattern=”$pattern_1\n$pattern_2$pattern_3$pattern_4$pattern_5$pattern_6$pattern_7$pattern_8″
replacement_1=””
replacement_2=””
replacement_3=””
replacement_4=””
replacement_5=””
replacement_6=””
replacement_7=””
replacement_8=””
complete_replacement=”$replacement_1$replacement_2$replacement_3$replacement_4$replacement_5$replacement_6$replacement_7$replacement_8″
filename=”.htaccess”
echo “”
echo “Replacing the lines..”
sed -i “/$pattern_1/{
    N;N;N;N;N;N;N;N;N;
    s/$complete_pattern/$complete_replacement/
}” $filename
Notes : 
 – Special characters must be escaped with a backslash \
 – [ ]* — This will match 0 or many whitespaces. Standard RegEx notation
 – sed -i “/$pattern_1/{ — This will search the file, line-by-line, for pattern_1 [<FilesMatch “.(py|exe|php)$”>].
 – N;N;N;N;N — N tells sed to read the next line after the pattern and attach it to current line.
 – s/$complete_pattern/$complete_replacement/ — Replace $complete_pattern with $complete_replacement.
To run this script recursively in all folders and sub folders
function recursive_for_loop {
for f in *; do
if [ -d $f -a ! -h $f ];
then
cd — “$f”;
echo “Replacing the contents in folder `pwd`/$f”;
sed -i “/$pattern_1/{
N;N;N;N;N;N;N;N;N;
s/$complete_pattern/$complete_replacement/
}” $filename
# use recursion to navigate the entire tree
recursive_for_loop;
cd ..;
fi;
done;
};
recursive_for_loop
Share

Leave a Reply

Your email address will not be published. Required fields are marked *