Jul - Posts by groundswells
groundswells
Posted on 10-27-09 03:15:26 PM, in remove iframe injection
I have a friend with a DreamHost account that had all their domains hacked this same way. By any chance, are you a DreamHost customer as well, and was the timestamp on the changed files 10/23 16:31? I'm not finding anything in the Apache logs around this timestamp, and nothing in the authentication logs for my user.

As for a solution, from a shell account, in the directory where you want to find the files:

find ./ -type f | while read ; do grep -l davtraff "$REPLY" ; done > davtraff.txt
cat davtraff.txt | while read ; do perl -ni.bak -e 'print unless /davtraff/;' "$REPLY" ; done

Since this line is added to the end of the file, you can whack any line with 'davtraff' (granted you don't use davtraff in your real code anywhere). The first line will find all the files with davtraff in them. The second line will take the list of files generated from the first line and then remove any line with davtraff in it, while creating a .bak backup file just in case.

If you are happy with the results you could then run:

cat davtraff.txt | while read ; do rm "$REPLY" ; done
or
cat davtraff.txt | while read ; do mv "$REPLY" ; done

groundswells
Posted on 10-28-09 01:12:12 AM, in remove iframe injection
Originally posted by groundswells

If you are happy with the results you could then run:

cat davtraff.txt | while read ; do rm "${REPLY}.bak" ; done
or
cat davtraff.txt | while read ; do mv "${REPLY}.bak" ; done



Corrected that horrible last cleanup suggestion, as what is in the original post would have deleted the live corrected version.

btw, I found my hacker. They uploaded a PHP shell program a few months ago named doc.php that was used to add that iframe line.
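
The find / strip / clean-up procedure from the two posts above, rewritten as an added example that is not part of the original posts. The function names and the sample tree built by `demo` are constructed for illustration; it assumes GNU grep (for `-I`), skips binary files, and never touches the live cleaned file when removing backups.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes GNU grep for -I.
# Limitation: paths containing newlines are not supported.

# strip_marker DIR MARKER
# Removes every line containing MARKER from text files under DIR, keeping the
# original as FILE.bak. Prints each cleaned path, one per line.
strip_marker() (
    dir=$1 marker=$2
    # -l names only, -I skip binary files, -F fixed string (no regex surprises)
    find "$dir" -type f ! -name '*.bak' -exec grep -lIF -e "$marker" {} + |
    while IFS= read -r f; do
        cp -p "$f" "$f.bak" || continue   # backup keeps the tampered mtime
        # Truncate-and-rewrite keeps the live file's owner and mode.
        grep -vF -e "$marker" "$f.bak" > "$f" || [ $? -eq 1 ]
        printf '%s\n' "$f"
    done
)

# remaining_hits DIR MARKER: live files (backups excluded) that still match.
remaining_hits() {
    find "$1" -type f ! -name '*.bak' -exec grep -lIF -e "$2" {} +
}

# drop_backups LIST: after review, delete FILE.bak for each path in LIST.
# The live, cleaned FILE itself is never removed.
drop_backups() {
    while IFS= read -r f; do rm -f -- "$f.bak"; done < "$1"
}

# demo: build a constructed tree, clean it, print the cleaned paths.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub dir"
    printf '<html>\n</html>\n<iframe src="http://davtraff.example/"></iframe>\n' > "$d/index.html"
    printf '<?php echo 1; ?>\n<iframe src="http://davtraff.example/"></iframe>\n' > "$d/sub dir/a.php"
    printf 'nothing injected here\n' > "$d/clean.txt"
    strip_marker "$d" davtraff | sort > "$d.list"
    cat "$d.list"
}

if [ "${1:-}" = demo ]; then demo; fi
```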