Home/ Questions/Q 6537573
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T10:37:57+00:00

I am facing issues with my server as sometimes the malwares are adding their

  • 0

I am facing issues with my server as sometimes the malwares are adding their code at the end or start of the files. I have fixed the security loopholes to the extent of my knowledge. My hosting provider has informed that the security is adequate now, but I have become paranoid with the viral/malware activity on my site. I have a plan, but I am not well versed with Linux editors like sed or awk or gawk so help needed from your side. I can do this using my PHP knowledge but that would be very resource intensive.

Since malwares/virus add code at the start or end of the file (so that the website does not show any error), can you please let me know how to write a command which would recursively look into all .php files (I will use the help to make changes in other type of files) in parent and all sub-directories and add a particular tag at the start and end of the file, say, XXXXXX_START, and YYYYYY_END.

Then I need a script which would read all the .php files and check if the first line of the code is XXXXX_START and last line is YYYYYYY_END and create a report if any file is found to be different.

I will setup a cron to check all the files and email the report to me if any discrepancy found.

I know this is not 100% foolproof as virus may add the data after the commented lines, but this is the best option I could think of.

I have tried the following commands to add data at the start – 

sed -i -r  '1i add here' *.txt

but this isn’t recursive and it adds line to only the parent directory files.

Then I found this –
BEGIN and END are special patterns. They are not used to match input records. Rather, they are used for supplying start-up or clean-up information to your awk script. A BEGIN rule is executed, once, before the first input record has been read. An END rule is executed, once, after all the input has been read. For example:

awk 'BEGIN { print "Analysis of `foo'" }
     /foo/ { ++foobar }
     END   { print "`foo' appears " foobar " times." }' BBS-list

But unfortunately, I could not decipher anything.

Any help on above mentioned details is highly appreciated. Any other suggestions are welcomed.

Regards,

Nitin

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can use the following to modify the files (also creates backup files called .bak):

    find . -name "*.php" | xargs sed -i.bak '1iSTART_XXXX
$aEND_YYYY'

    You could use the following shell script for checking the files:

    for f in `find . -name "*.php" -print`
do
    START_LINE=`head -1 $f`
    END_LINE=`tail -1 $f`

    if [[ $START_LINE != "START_XXXX" ]]
    then
        echo "$f: Mismatched header!"
    fi

    if [[ $END_LINE != "END_YYYY" ]]
    then
        echo "$f: Mismatched footer!"
    fi
done
    • 0