How to use wordpress-fix.php from SSH? (4 posts)

  1. EricG
    Posted 5 years ago #

    Well it looks like I got hit by that nasty wordpress exploit. My webhost has suspended my site until I can get things cleaned up.

    They suggested I run a file called wordpress-fix.php. I looked up the info for that, and it looks like I can do it one of two ways: 1) Run the php file from a browser at the root of my site (which I can't do, because the site is suspended) or 2) use SSH to run that was described as the following:

    $ find ./ -name "*.php" -type f | \ xargs sed -i 's###g' 2>&1$ find ./ -name "*.php" -type f | \ xargs sed -i '/./,$!d' 2>&1

    I know pretty much nothing about SSH, but grabbed a free client and tried entering that line. All I get is -bash warnings about "command not found". Can anyone out there tell me what's wrong with that line?


  2. Darrell Schauss
    Posted 5 years ago #

    Try without the $ at front. $ or # at front usually indicants the start of the command not something you actually type.

    find ./ -name "*.php" -type f | \ xargs sed -i 's###g' 2>&1$ find ./ -name "*.php" -type f | \ xargs sed -i '/./,$!d' 2>&1

    This should show you results and not actually change files. Not tested but I do command like this with grep a lot.
    find ./ -name "*.php" -type f | \ xargs grep -i 's###g' 2>&1$ find ./ -name "*.php" -type f | \ xargs grep -i '/./,$!d' 2>&1

  3. EricG
    Posted 5 years ago #

    Thanks darrellonsite!

    When I ran the second line from your post, I got these warnings:

    -bash:  xargs: command not found
    -bash: 1$: ambiguous redirect
    find: ./public_ftp: Permission denied

    Does it matter how many spaces appear before xargs?

  4. EricG
    Posted 5 years ago #

    Got some info from my webhost about this, sort of.

    "The grep we use to find the code on your account is: find public_html/ -type f -size -10000k ! -wholename "*/cache/*" -print0 | xargs -0 grep -Hli aWYoZnVuY3Rpb25fZ

    I then added |wc -l to get a count of how many files (1,598)
    I also added >> hackfiles2.txt so you have an updated list in your root directory."

    I'm able to run this command to get the same results they do, but that doesn't fix anything. Anybody able to spot why I'm getting those -bash errors?

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.