mysql IN function alternative when using mysql field
December 13, 2010Extract modified files from GIT
January 26, 2011more and more people, including some of my clients get attack by various versions of iframe injections.
One of them, includes injecting a php file inside the host. after that, by various means, in all the htaccess files it’s injected a code similar with:
AddType application/x-httpd-php .php .phtml .php3 .php4 .php5 .htm .html
php_value auto_prepend_file /path/xxxx_atacking_file_which_has_php_code
now to remove that code from each htaccess file use the following php code:
function r_fix($dir='.') {
if ($handle = opendir($dir)) {
while (false !== ($file = readdir($handle))) {
if (is_dir("$dir/$file")) {
if ($file != '.' && $file != '..') {
r_fix("$dir/$file");
//chdir($dir);
}
} elseif ($file=='.htaccess'){
$path = $dir . '/' . $file;
$contents = file_get_contents($path);
if(strpos($contents, 'xxxx_atacking_file_which_has_php_code') !== false) {
$contents = str_replace('AddType application/x-httpd-php .php .phtml .php3 .php4 .php5 .htm .html', '', $contents);
$contents = str_replace('php_value auto_prepend_file /path/xxxx_atacking_file_which_has_php_code', '', $contents);
echo $path."
\n ";flush();
file_put_contents($path, $contents);
}
}
}
closedir($handle);
}
}
r_fix();
