ssh command for searching inside files

Question

Some weeks ago 2 of my sites have been exploited probably from an ftp bruteforce attack corrupting lots of my websites files. I found out that they usually insert the following code in js or php files:

[Trojan code removed as irrelevant to this question.]

I want to login via ssh and run a grep command searching all files and giving output only for the ones that have this code included.

Any help?

score 14 · Accepted Answer · edited Nov 04 '11 at 15:37

14

I use this command to find all files that contain a specified string:

find /path/ -name "*.ext" -exec grep -l "sting" {} \;

edited Nov 04 '11 at 15:37

Chadwick

12,364
7
48
66

answered Nov 04 '11 at 14:18

Bdwey

1,693
1
15
18

Dmitri · Answer 2 · 2014-07-13T18:46:57.260

5

After you log in, just run:

find /path/to/fies -type f -name "*.js" -exec grep -il 'string' {}\; > output.txt

replacing "/path/to/files" and 'string' as appropriate, of course.

edited Jul 13 '14 at 18:46

answered Jul 20 '11 at 21:54

Dmitri

2,510
2
22
38

score 2 · Answer 3 · answered Dec 07 '19 at 13:18

2

Use find to narrow by extension and grep to look inside each file. Adding -r and -I to your grep will search recursively and ignore binary (e.g. git) files.

find ./ -name "*.php" -exec grep -r -l -I "Layer" {} \;

answered Dec 07 '19 at 13:18

ow3n

5,268
4
47
51

ssh command for searching inside files

3 Answers3

Linked