
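Bad hax0rs! Hackers who hijack a site frequently use base64_decode to obfuscate their malicious code. This quick Bash one-liner finds the PHP files under the current directory that call this evil function as eval(base64_decode and lists them in a file named infectedfiles; every other PHP file is listed in notinfected: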

find . -type f -name '*.php' | while IFS= read -r FILE; do if grep -qF 'eval(base64_decode' "$FILE"; then echo "$FILE" >> infectedfiles; else echo "$FILE" >> notinfected; fi; done
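
The one-liner matches only the exact string eval(base64_decode. The script below is an added example, not part of the original post: it compares that literal match with a variant that tolerates the letter case and whitespace PHP accepts in a call, and it copes with file names containing spaces. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: literal vs. tolerant search for eval(base64_decode in PHP files.

# Same test as the one-liner: fixed string, file names only (-l).
scan_literal() {
    find "$1" -type f -name '*.php' \
        -exec grep -lF 'eval(base64_decode' {} + | sort
}

# Tolerant test: -i because PHP function names are case-insensitive,
# [[:space:]]* because PHP allows whitespace before and inside the parentheses.
# find -exec ... {} + passes names straight to grep, so spaces in names are safe.
scan_php_tree() {
    find "$1" -type f -name '*.php' \
        -exec grep -liE 'eval[[:space:]]*\([[:space:]]*base64_decode[[:space:]]*\(' {} + | sort
}

# Constructed sample tree. The base64 string decodes to the harmless "echo 1;".
make_demo_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<?php echo "hello";' > "$d/clean.php"
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw=="));' > "$d/plain.php"
    printf '%s\n' '<?php EVAL ( Base64_Decode ("ZWNobyAxOw=="));' > "$d/spaced name.php"
    # Legitimate use of base64_decode without eval: must not be flagged.
    printf '%s\n' '<?php $s = base64_decode($row["blob"]);' > "$d/legit_decode.php"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
echo "literal match (as in the one-liner):"
scan_literal "$demo"
echo "tolerant match:"
scan_php_tree "$demo"
rm -rf "$demo"
```

Both functions only catch this one call pattern, so a clean result is not proof that a site is uninfected.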
