
Detecting PHP Trojans on Linux with Shell Commands

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to detect PHP Trojans on Linux with shell commands. The methods introduced here are simple, fast and practical.

1. Find PHP Trojans with a single command

The code is as follows

# find ./ -name "*.php" | xargs egrep "phpspy|c99sh|milw0rm|eval\(gunerpress|eval\(base64_decode|spider_bc" > /tmp/php.txt

# grep -r --include='*.php' '[^a-z]eval($_POST' . > /tmp/eval.txt

# grep -r --include='*.php' 'file_put_contents(.*$_POST\[.*\]);' . > /tmp/file_put_contents.txt

# find ./ -name "*.php" -type f -print0 | xargs -0 egrep "(phpspy|c99sh|milw0rm|eval\(base64_decode|spider_bc|gzinflate)" | awk -F: '{print $1}' | sort | uniq

2. Find PHP files modified within the last day

Page files on a typical site rarely change, apart from those that are generated dynamically. If files in the page directory that normally do not change have been modified, they may have been tampered with.

The code is as follows

# find -mtime -1 -type f -name \*.php

3. Modify the permissions of the website

The code is as follows

# find -type f -name \*.php -exec chmod 444 {} \;

# find ./ -type d -exec chmod 555 {} \;

4. Common one-line backdoors

The code is as follows

# grep -r --include='*.php' '[^a-z]eval($_POST' . > grep.txt

# grep -r --include='*.php' 'file_put_contents(.*$_POST\[.*\]);' . >> grep.txt

Write the search results to a file and download it to analyze at your own pace. Other Trojan and backdoor signatures can be searched for in the same way. If necessary, run a signature search across every file on the site. Uploaded images are likely to have code bundled into them as well, so do a thorough cleanup.
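
The signature searches from sections 1 and 4 and the modification-time check from section 2, combined into one sweep that ranks each file by how many distinct signatures it matches and marks files changed in the last day. This is an added example, not part of the original article: the names `scan_webroot` and `make_sample`, the widened `eval` pattern (upper case, whitespace, `$_GET`/`$_REQUEST`/`$_COOKIE`) and the sample files are assumptions constructed for illustration, and GNU grep is assumed.

```shell
#!/bin/sh
# Added example (not from the original article). Needs GNU grep for -r/--include.
# One ERE per line. Strings come from the article's commands; the tolerance for
# whitespace, upper case and $_GET/$_REQUEST/$_COOKIE is an assumption added here.
SIGNATURES='phpspy
c99sh
milw0rm
spider_bc
gzinflate
eval[[:space:]]*\([[:space:]]*base64_decode
(^|[^a-z_])eval[[:space:]]*\([[:space:]]*\$_(POST|GET|REQUEST|COOKIE)
file_put_contents[[:space:]]*\(.*\$_POST\[.*\]'

# scan_webroot DIR
# Prints "hits<TAB>recent|old<TAB>path" for every *.php file matching at least
# one signature, most distinct signatures first. "recent" = changed in last 24 h.
scan_webroot() {
  dir=$1
  recent=$(find "$dir" -type f -name '*.php' -mtime -1)
  printf '%s\n' "$SIGNATURES" | while IFS= read -r sig; do
    # -l lists each matching file once per signature; no match is not an error
    grep -rliE --include='*.php' -- "$sig" "$dir" || :
  done | sort | uniq -c | sort -k1,1nr -k2 |
  while read -r hits path; do
    if printf '%s\n' "$recent" | grep -Fxq -- "$path"; then age=recent; else age=old; fi
    printf '%s\t%s\t%s\n' "$hits" "$age" "$path"
  done
}

# make_sample DIR: constructed test tree for the scanner, not real malware samples.
make_sample() {
  mkdir -p "$1/admin" "$1/up load"
  printf '%s\n' '<?php eval(base64_decode($_POST["p"])); file_put_contents($_POST["f"], $_POST["d"]);' > "$1/admin/tool.php"
  printf '%s\n' '<?php EVAL ( $_REQUEST["c"] );' > "$1/up load/img.php"
  printf '%s\n' '<?php $r = medieval($_POST["q"]);' > "$1/index.php"
  printf '%s\n' 'eval($_POST[1]) in a note, not PHP' > "$1/notes.txt"
  touch -t 202001010000 "$1/admin/tool.php"   # pretend this one is old
}

# Stand-alone use: sh scan.sh /path/to/webroot
if [ "$#" -gt 0 ]; then scan_webroot "$1"; fi
```

A file that matches several signatures but is marked `old` deserves the same attention as a recent one, since modification times can be reset after a compromise.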

5. Disable rarely used functions

In the php.ini file, disable the high-privilege PHP functions that you do not need. Modify it as follows:

disable_functions = system,exec,shell_exec
