Linux terminal command to clean a base64_decode hack?

We have had 3 sites hacked, they are all the **base64** encode hack that looks like this:

Code:
eval(base64_decode("CmVycm9yX3JlcG9ydGluZygwKTsKJHFhenBsbT1oZWFkZ.........")

Is there a command similar to this one:

Code:
$ find . -name "*.php" -print | xargs sed -i 's@eval(base64_decode("CmVycm9yX3Jlc........")

That I can use but which uses Regex to find and replace the entire string based on the starting characters? The reason I ask is because every instance of the injection starts the same but concludes in different ways, so I'd like a way to attack all of them at once.

Any ideas?
 
naah it needs to match the regex because valid code may very well follow the nasty stuff...

Surprisingly hard to find out this stuff!
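
One way to do what the thread asks, as an added example that is not from any poster: match the known start of the payload, then any run of base64 characters up to the closing quote, so differing endings are caught and code after the injection is left alone. The function names are hypothetical, the `"))` ending with an optional `;` is an assumption about how the truncated snippet closes in valid PHP, and GNU grep, sed and xargs are assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. PREFIX is the payload start quoted in the
# post; the endings differ per file, so the rest is matched as base64 characters.
PREFIX='CmVycm9yX3JlcG9ydGluZygwKTsKJHFhenBsbT1oZWFkZ'

# BRE: literal call + known prefix + any base64 run + '"))' + optional ';'.
# Matching stops at the closing quote, so code after the injection survives.
injection_regex() {
    printf 'eval(base64_decode("%s[A-Za-z0-9+/=]*"));\\{0,1\\}' "$1"
}

# list_infected DIR [PREFIX]: review this list before changing anything.
list_infected() {
    grep -rl --include='*.php' -e "$(injection_regex "${2:-$PREFIX}")" "$1"
}

# clean_injection DIR [PREFIX]: strip the injection in place.
# Each modified file's original is kept as FILE.infected for later analysis.
clean_injection() {
    re=$(injection_regex "${2:-$PREFIX}")
    grep -rlZ --include='*.php' -e "$re" "$1" |
        xargs -0 -r sed -i.infected "s@${re}@@g"
}

# Constructed sample tree: two infected files with different payload tails,
# one clean file that uses base64_decode legitimately.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/inc"
    printf '<?php eval(base64_decode("%sAAAA=="));\necho "home";\n' "$PREFIX" > "$d/index.php"
    printf '<?php eval(base64_decode("%sb3RoZXI/+w=")); include "x.php"; ?>\n' "$PREFIX" > "$d/inc/lib.php"
    printf '<?php $v = base64_decode("aGVsbG8="); echo $v;\n' > "$d/ok.php"
    echo "$d"
}

dir=$(make_sample)
list_infected "$dir"                      # the two infected files
clean_injection "$dir"
cat "$dir/index.php" "$dir/inc/lib.php"   # legitimate code is still there
rm -rf "$dir"
```

Stripping the string does not close whatever allowed it to be written, so the `.infected` copies (moved out of the web root) and the server logs are still worth reviewing.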
 