Find Hidden Malicious Code In Your Website

This is a little off the subject of Actionscript 3, but I think it’s an important little trick to know for anyone building content for the web. So here I am going to show a quick php snippet that will find hidden malicious code in your website, or more specifically, how to find hidden ‘strings’ of code in your site.

I’m not going to get into the obvious stuff about how to protect your site, site as good ftp passwords etc, that is for another article. This is just to help you find the offending garbage once it’s already there.

To cut to the chase, did you get some message while trying to visit your site saying that google has blocked it because of a virus infection? Usually it will give you a list of sites that are harboring malicious data that your site is linking back to. Someone has injected malware javascript into your site.

You can manually search for all of the infected javascript files, or you do the following:

1. create a new file, and call it finder.php
2. edit it, and paste the following code:

1
2
3
4
5
6
<?php
$input = "grep -r " . "'" . "keyword" . "'" . " *";
echo "Below is a list of all files containing your keyword:";
$output = shell_exec($input);
echo "<pre>#$output</pre>";
?>

3. change the word keyword to the malware domain name that google reported your site to be infected with.
4. save this file into the root folder of your website.
5. navigate to www.yoursite.com/finder.php

A list of occurences of that keyword will be shown. Now just open up all of the listed javascript files, scroll to the bottom and delete the code that has been injected into your site!

It will look through your entire site and return any instances of

Share on FacebookShare on Google+Share on StumbleUponTweet about this on TwitterEmail this to someone

Facebook comments:

Leave a Reply