my notes

Find malware scripts on your server


grep -Rn 'GIF89aG' /var/www


grep -Rn 'shell *(' /var/www
grep -Rn 'tcp *(' /var/www
grep -Rn 'system *(' /var/www


grep -Rn 'eval(base64_decode(' /var/www
grep -Rn 'eval(gzinflate(base64_decode(' /var/www
grep -Rn 'eval(gzuncompress(base64_decode(str_rot13(' /var/www
grep -Rn 'eval(str_rot13(gzinflate(base64_decode(' /var/www

Or search for the system, shell and tcp calls with one command:


grep -RPn '(system|shell|tcp) *\(' /var/www
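
The searches above combined into one pass, as an added example that is not part of the original notes. It goes beyond the four fixed eval(...) strings by matching any nesting order of the same decoder functions with optional whitespace. The function names, rule labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): all searches in one pass.
# Uses grep -E so it also runs where grep lacks -P.

# Generalizes the four eval(...) greps: any nesting order of the decoders,
# with optional whitespace around the parentheses.
DECODERS='base64_decode|gzinflate|gzuncompress|str_rot13'
EVAL_CHAIN="eval[[:space:]]*\\([[:space:]]*(($DECODERS)[[:space:]]*\\([[:space:]]*)+"

# scan_rule LABEL REGEX DIR: print "LABEL<TAB>file:line:text" per hit.
scan_rule() {
    grep -RnE -- "$2" "$3" 2>/dev/null | awk -v l="$1" '{ print l "\t" $0 }'
}

# scan_webroot DIR: run every rule; return 0 if anything matched, else 1.
scan_webroot() {
    hits=$(
        scan_rule gif-header 'GIF89aG' "$1"
        scan_rule call '(system|shell|tcp) *\(' "$1"
        scan_rule eval-chain "$EVAL_CHAIN" "$1"
    )
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# make_samples DIR: write constructed, inert test files (not real malware).
make_samples() {
    mkdir -p "$1/uploads" "$1/app"
    printf 'GIF89aG<?php /* constructed sample */ ?>\n' > "$1/uploads/a.gif"
    printf '<?php\neval ( gzinflate( base64_decode("PLACEHOLDER")));\n' > "$1/app/x.php"
    printf '<?php\n$out = system ($cmd);\n' > "$1/app/y.php"
    printf '<?php\necho base64_decode($row["avatar"]);\n' > "$1/app/ok.php"
}

# Scan the directory given as the first argument, if any.
if [ $# -gt 0 ]; then
    scan_webroot "$1" || echo "no matches under $1"
fi
```

The label in the first column tells you which rule fired, so hits can be sorted or filtered per rule before reviewing the files.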
