My server has been hit with a nasty javascript iframe virus. The Trojan injects itself in to every index.php, index.html, & login.php files. The virus looks like <script>VirusCodeCrap</script>
Is there anyway I could use PHP's str_replace function to search my server and delete the virus? Would anyone know wher I could find some examples on how to do this?
Thanks,
Albert
If you are on a Unix server, sed is the best way to find and replace text in files.
If you must use PHP, the algorithm will be:
Read a file into a variable using file_get_contents()
$file_contents = file_get_contents( $filename );
Search for the replace the offending string
$file_contents = str_replace( $the_offending_text, $the_replacement_text, $file_contents);
Write $file_contents back to the file using file_put_contents:
file_put_contents( $file_contents );
str_replace() may be insufficient if the string is not precisely the same in every case. If there are variations in the offending string, you may need to use a regular expression to locate and remove them.
I would immediately delete all files from your server and re-upload clean copies from wherever your code repository is. I would also find where the code was exploited and patch that security hole.
Going about it by editing the virus out of your files seems like the long and hard way when you should have a backup of your files ( that haven't been on a live server ).
Related
No matter how hard I try, mkvextract doesn't work properly. I'm aware that there is a problem with the file path, but I tried hundreds of times, but I still could not succeed. How can I run this correctly?
shell_exec("mkvextract tracks /home/movies/R-12/X-1 ÇĞŞZ.mkv");
or
$filename = "/home/movies/R-12/X-1 ÇĞŞZ.mkv"
echo shell_exec("mkvextract tracks \"$filename\"");
I am aware that you cannot access the file path due to special characters
There may be several issues:
A file read permision issue: the file exists, but PHP (and the mkvextract it runs) don't have the permission to open it. In the rest of my answer I assume this is not happening, because you haven't added any error message containg the word permission or access to your question.
A shell argument escaping issue: correcly passing a command argument containing whitespace and/or shell metacharacters (e.g. ", \, $). I address this with escapeshellarg below.
A filename encoding issue: correctly specifying non-ASCII characters in filenames. I address this with mb_convert_encoding below.
For testing purposes, make a copy of the input file to /home/movies/t.mkv, and then try echo shell_exec("mkvextract tracks /home/movies/t.mkv").
If that works, then rename the copy to /home/movies/t t.mkv, and then try echo shell_exec("mkvextract tracks " . escapeshellarg("/home/movies/t t.mkv")). Without the escapeshellarg call, it wouldn't work, because the filename contains a space.
If that works, then the problem is with non-ASCII characters in the filename. To investigate it further, examine the output of var_dump(scandir("/home/movies/R-12")), and see how the letters with accents appear there. Pass it the same way to shell_exec. Don't forget about escapeshellarg.
If that works, use encoding conversion (with mb_convert_encoding) for the remaining filenames. You may want to ask a separate question about that, specifying the output of var_dump(scandir("/home/movies/R-12")) and var_dump("X-1 ÇĞŞZ.mkv") in your question.
$filename = "/home/movies/R-12/X-1 ÇĞŞZ.mkv"
echo shell_exec("sudo mkvextract tracks \"$filename\"");
I guess the whole problem was not adding sudo per :)
I am opening a file on the server with PHP. The file seems ordinary. It opens in Notepad and Textedit on a PC. Even PHP can display it without any issue in a web browser when we echo out.
But when I try searching it with strpos() it can’t find anything except single characters. if i search for a string with 2 or more characters, it doesn’t find anything.
I have tried encoding it to UTF-8, and it detects it as ASCII. so everything seems right there.
I have also isolated the part of the file that I am trying to read down to only 250 characters. They all look fine on the screen.
But strpos can’t find it. I’ve run tests on every part of my code and I believe everything is fine with my code. The problem I believe derives from that the characters I see on the screen are not exactly matching what those characters really are.
My last resort is to write a function which converts each character into an integer array (if that’s even possible), and then convert all that back to a string. This way, we’ll know 100% that the characters we see are real.
Hoping that somebody has a better approach or perhaps an idea for something I missed?
I'll post the code below:
$content = file_get_contents($file->getPathname()); // get the file contents
$content = substr($content, 30, 300); // reduce the large file to just the first few lines
$content = htmlspecialchars($content); // try to remove any special characters from the file
$content = iconv('ASCII', 'UTF-8//IGNORE', $content); // encode to a friendly format
$string = "JobName"; // this is the string i'm searching for
if (strpos($content, $string) !== false) {
echo "bingo";
}
else {
echo " not found ";
}
Just to be clear, the file I'm opening is generated from a PC program that stores its data in .DAT format. Like I said, I can see and read the content very easily using any program, including PHP. but when I try to search, its as if it doesn't recognize the content at all.
I am not aware of how to upload a file on StackOverflow, but if someone can tell me how to do it then I will gladly post the file itself.
Thank you very much for your help ARKASCHA. I was able to find an online HexEditor and when I saw the characters, it seems there is a NUL character between every single character in this file. that's probably why I couldn't see it with a regular view. I just had to run an additional function to remove NUL characters from the file, and then it works as its supposed. Thanks again.
I'm trying to load a xml file from an external ftp server. Sadly the filename contains a space between two words.
Homepage-Filename Statistics-170210.xml
I'm able to load the file with simplexml_load_file, if there is an underscore a dash. For example:
Homepage-Filename_Statistics-170210.xml
simplexml_load_file('ftp://username:password#ftp.domain.com/Homepage_Filename_Statistics-170210.xml');
But I'm not able to change the file name, so I have to load the file with spacing inside.
I have tried to replace the space with %20 or backslash / , but it isn't working either. For example:
Homepage_Filename%20Statistics-170210.xml
or
Homepage_Filename/ Statistics-170210.xml
Someone has an idea, how load something like this?
Thanks!
I can also reproduce this problem with the simplexml_load_file.
Interestingly the file_get_contents works:
$url = 'ftp://username:password#ftp.domain.com/Homepage_Filename/ Statistics-170210.xml';
simplexml_load_string(file_get_contents($url));
I use a script to get an image from another server and store it in the db, the problem is that when the url has a space in it, the function grabs nothing.
I tried to encode the url and to simply replace all spaces with %20 but with no success.
I'm running out of options, if any of you could give me some ideas would be great!
Thanks!
$thumb=imagecreatefromjpeg(http://www.dummysite.ca/imageone.jpg); //->WORKS
$thumb=imagecreatefromjpeg(http://www.dummysite.ca/image one.jpg); //->DOESN'T WORK
EDIT: more info: I'm running a CentOS machine, php 5.2.17
EDIT: found the answer, replacing spaces with %20 actually WORKS but I was foolish and only replace it before the imagecreatefromjpeg call, it turns out getimagesize needs it as well
So for those who will have a similar problem
replacing spaces with %20 actually WORKS but I was foolish and only replace it before the imagecreatefromjpeg call, it turns out getimagesize needs it as well
I would do everything in my power to keep spaces out of filenames. At whatever point the file enters your server it should be renamed to something with underscores. Personally For file uploads I rename every file to a combination of timestamp and the uploader's ip address. Grabbing from another server could use the same logic. If you need to save the original filename just save it as a text string associated with the DB entry.
I want to replace certain strings with another one in a text file (ex: \nH with ,H). Is there any way to that using PHP?
You could read the entire file in with file_get_contents(), perform a str_replace(), and output it back with file_put_contents().
Sample code:
<?php
$path_to_file = 'path/to/the/file';
$file_contents = file_get_contents($path_to_file);
$file_contents = str_replace("\nH", ",H", $file_contents);
file_put_contents($path_to_file, $file_contents);
?>
There are several functions to read and write a file.
You can read the file’s content with file_get_contents, perform the replace with str_replace and put the modified data back with file_put_contents:
file_put_contents($file, str_replace("\nH", "H", file_get_contents($file)));
If you're on a Unix machine, you could also use sed via php's program execution functions.
Thus, you do not have to pipe all of the file's content through php and can use regular expressions. Could be faster.
If you're not into reading manpages, you can find an overview on Wikipedia.
file_get_contents() then str_replace() and put back the modified string with file_put_contents() (pretty much what Josh said)