690 shaares
3 liens privés
3 liens privés
To identify potential backdoors, check your files for these PHP functions:
base64
exec
move_uploaded_file
str_rot13
gzuncompress
eval
stripslashes
system
assert
preg_replace (with /e/)
Use the following SSH command to detect any hacked files located within your directories:
find . -type f -name '*.php' | xargs egrep -i "(mail|fsockopen|pfsockopen|stream\_socket\_client|exec|system|passthru|eval|base64_decode) *("
The following command will locate image files with backdoor functions:
find wp-content/uploads -type f -iname '*.jpg' | xargs grep -i php
Lastly, use the command below to locate infected iframes:
find . -type f -name '*.php'| grep -i '<iframe'