HostOnNet Blog

Find inside files

To find all php files in /home folder with content “Spy Shell”

find /home -name '*.php' -exec grep 'Spy Shell' {} \; -print

Some of the common function used in hacker scripts that you can search for.

find /home -name '*.php' -exec grep 'system(' {} \; -print
find /home -name '*.php' -exec grep 'exec(' {} \; -print
find /home -name '*.php' -exec grep 'passthru(' {} \; -print
find /home -name '*.php' -exec grep 'Spy Shell' {} \; -print

Find the particular string from the list of files in current directory:

grep -iH 'STRING TO FIND' *.php

To find string “highlight_match) . ” in all files with name “viewtopic.php”, run following command

find /home/ -name "viewtopic.php" -exec grep "highlight_match) . " {} \; -print

On cpanel server, check string in apache access log of all sites

for files in /usr/local/apache/domlogs/*; do grep "wget" $files; done;
for files in /usr/local/apache/domlogs/*; do grep "rmview" $files; done;
for files in /usr/local/apache/domlogs/*; do grep "psybnc" $files; done;

To store result to a file

for files in /usr/local/apache/domlogs/*; do echo $files; grep "wget" $files ; done;
for files in /usr/local/apache/domlogs/*; do echo $files >> 1.txt ; grep "wget" $files >> 1.txt ; done;

Posted in Security