How to recursively remove text from hacked PHP files; or Reading the Man pages, being a man, and not dancing around the question

So you login to your website only to find OMG WE’VE BEEN HAXX0RED!@#!@! Which quite frankly sucks.   It could be any number of issues, but let’s say you suffer from the condition where someone has inserted some encrypted block of txt at the top of each PHP file to execute when you launch the files.

You can fix it, one by one but that’s annoying as all hell and lengthy… going into vi for each file, deleting the first line, rinse, repeat, AHHHH!!!!

So you search the internet with various phrases like “remove text from php file” “how to strip txt out of files” “recursively fix hacked php wordpress” I mean the list can and DOES go on, but the point is you end up on Forums and blogs where people are like LET ME SHOW YOU HOW IT’S DONE, resulting in them basically telling you to read the Man Pages.  Hey douche-bag, be a MAN and tell me exactly what I need to do.  The time to ‘learn’ how to do it is all fine and dandy for AFTER I have the problem resolved!   It’d be like going to the Mechanic to get your car fixed and having him laugh at you for not knowing what is wrong, and not fixing it until you can explain how you’d fix it yourself.  Guess what, you’re a dick and this is not a time for a learning lesson!

This is a time for a learning lesson!

If you happen to find yourself in the position to needing to ‘strip’ an arbitrary string of information from one or more files, here’s a way to do it, with an explanation of what each line of this means!

find . -type f -print0 | xargs -0 sed -i 's/.*zend.*//g' *.php

So, some of you may be wondering, “Well, crap that works! I fixed it! but what does it mean and how do I use this to my benefit in the future?!” Here is a breakdown of the syntax and some alternative selections you can choose, and I’ll be explaining it in ‘reverse’ because that’s sort of how it is executing.

sed -i 's/.*zend.*//g' *.php

    sed is a stream editor; the -i flag tells it to edit files “in place”, saving back to the original file as opposed to saving to another file name or type. You’ll notice that it calls “s/”, which is “substitute”: what follows is the search string, in this case .*zend.*, and what sits between that and the “/g'” is what to replace the match with. In this case the replacement is nothing, i.e. the line is truncated.

And lastly the “*.php” at the end specifies which file types we want to run this command against.  We could easily choose “*.htm” or even “*”

xargs -0

     What exactly does this mean? Well, this tells the system to expect a ‘null’ character as the separator between file names; it is commonly used together with find and -print0, as below.

find . -type f -print0

   What is going on here is that the system is going to ‘find’ based upon the parameters we specified in the other areas (e.g. *.php), starting at the current directory of “.”   Then “-type f” basically tells the system to indicate that a host has been identified as having that ‘string’ of text to replace, and “-print0” will then print out what the “filename” was.

How this basically sums up is: the system, starting at a base directory, searches through all subdirectories looking for files which have a certain string of text in them.  When it finds that string of text, the print0 will tell xargs to print the name of the file which HAD the string of text.  With the filename identified, sed will step in and execute the ‘replacement’ of the string of text, which in this case basically deletes it.   It continues searching through the directory structure until it has exhausted the criteria of finding .php files which have the data in mind.

Now, you’re not limited to using ‘sed’ for this, you could just as easily run with using “grep -Ev” to find and replace the string of text for you, it really comes down to what you’re comfortable with and how you want to cut it.
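Here is the same find | xargs | sed pipeline as an added, self-contained script (this is not the one-liner from the post above, and it is not code from any project mentioned here). It differs from the one-liner in three ways a defender wants: find is limited to *.php files so sed never rewrites images or other binaries, sed -i.bak keeps a backup of every file it touches so the cleanup can be reverted, and a count of still-affected files is taken before and after so you know the job is actually done. It deletes each matching line with sed’s d command instead of blanking it with s///. The function names, the sample directory tree and the marker line containing “zend” are all constructed for this demonstration.

```shell
#!/bin/sh
# Added example (not the original post's one-liner): find | xargs | sed limited
# to *.php files, with a .bak copy of every file sed touches and a check after.
# The directory tree, file contents and the "zend" marker line are constructed
# for the demo; the function names are hypothetical.

# Delete every line matching PATTERN (a basic sed regex containing no '/')
# from each .php file under ROOT. sed -i.bak writes a backup beside every file
# it processes, matched or not; -print0 / -0 keep paths with spaces intact.
strip_injected_lines() {
    root="$1"
    pattern="$2"
    find "$root" -type f -name '*.php' -print0 \
        | xargs -0 sed -i.bak -e "/$pattern/d"
}

# Count the .php files under ROOT that still contain PATTERN: grep -l names
# each matching file once, wc -l counts the names. Run it before and after.
count_infected() {
    root="$1"
    pattern="$2"
    find "$root" -type f -name '*.php' -print0 \
        | xargs -0 grep -l -- "$pattern" | wc -l | tr -d ' '
}

# Build a throwaway tree that mimics a web root: two .php files carrying a
# constructed marker line, one clean .php file, and a .txt file that also
# mentions "zend" but must be left alone. Prints the tree's path.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/plugins/sample"
    injected='<?php /* CONSTRUCTED-INJECTED-LINE zend */ ?>'
    printf '%s\n<?php\necho "home";\n' "$injected" > "$dir/index.php"
    printf '%s\n<?php\necho "plugin";\n' "$injected" \
        > "$dir/wp-content/plugins/sample/sample.php"
    printf '<?php\necho "clean";\n' > "$dir/clean.php"
    printf 'zend mentioned in a text file; must survive\n' > "$dir/notes.txt"
    printf '%s\n' "$dir"
}

# Demo run: report the count before and after the cleanup, then tidy up.
demo_tree=$(make_sample_tree)
echo "infected before: $(count_infected "$demo_tree" zend)"   # 2
strip_injected_lines "$demo_tree" zend
echo "infected after:  $(count_infected "$demo_tree" zend)"   # 0
rm -rf "$demo_tree"
```

On a real web root you would call strip_injected_lines with the document root and the string the injected line contains, check that count_infected reports 0, and only then delete the .bak files (a second find -name '*.bak' -delete). The pattern is dropped straight into a sed address, so keep it free of “/” or escape it.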

Hopefully the lesson here is… Here is a solution to a problem that some of you WILL suffer from in your life and hell, I can go back to use this script again in the event that one of my sites I manage gets screwed up again.    Respectively with a little effort you can use this to find and replace text in files in your environment, say modifying host files en-masse or changing DNS in resolv.conf throughout your environment… Whatever floats your boat!

Special thanks to my twitter friends who tossed out VARIOUS ways to do this!   @Fr3d_org @davidchapa @cody_bunch

Hopefully you found this useful, I sure as hell did!

Farewell, but not goodbye! (Transitioning from NetApp to EMC)

September 4th, 2009 was a beautiful yet fateful Friday.   The sky was clear, lunch was good, and it also happened to be my last day working at NetApp.

Yes, it was my last day at NetApp – breaking up is hard to do, and this was a particularly challenging breakup!

I didn’t have the opportunity to send a formal farewell message to folks internally, so this will serve as my farewell (but not goodbye!)

NetApp Teamwork Award

For those of you who don’t know, I worked for NetApp in the Chicago District – Yes, this is the very same Chicago district who recently won Teamwork Award across all of the Americas in the hardest Q4 most businesses had to deal with in their entire business!   So, it goes without saying that I had the opportunity of working with a cohesive family which embodied teamwork.


Fortunately, I worked with, met and interacted with so many intelligent and passionate individuals, the entire experience of working for Fortune magazine’s #1 best company to work for was an absolutely great, engaging and rewarding experience like no other.    In the short time (2 years) I was with NetApp I have seen extraordinary change, the ecosystem of business and the economy go on a rollercoaster adventure.   Never once did these individuals stray, but instead stepped up to the occasion and became better for their actions.   I know in my stead, this trend will continue and I look forward to seeing the growth within the community over the passage of time.

So, while I will miss you all – this is only farewell, but not goodbye.  Fortunately the community we’re all a part of is a receptive and growing one.  Our paths will cross continually and growth and self-development will always be an agenda we all pursue.   My community involvement will not shrink, and likely will continue to increase.  And my communication back out of offers to the technology community as a whole (whether those be discount vouchers, opportunities, so on and so forth) will continue to flow like a tapped pool of knowledge!

I’m sure given the circumstance many of you may be interested in why I made this particular decision.   Know that through heavy calculation, this was chosen as the best decision for me and my family at this particular stage in my life, and is in no way a reflection of the absolutely amazing organization I am walking away from to the equally amazing organization I am going towards.  

I am particularly excited about the new role I will be starting on September 14th, 2009 (My Birthday of all days!)   Yes, while this may read as though it is a rebirth; starting a new job on my birthday, I will be certain to bring the same level of passion, engagement and enthusiasm that every one of you who has ever met me is likely to recall. :)

The next chapter of my life will be living the rock star life of a Senior Technology Consultant at EMC, continuing my trend of raising awareness, education, doing the right thing, evangelizing and informing the Enterprise IT community.     I know what you’re saying “Wow Christopher, you’ve held one consulting role or another for the past 20 years” Damn straight skippy! A consultant is strangely what I grew up knowing and being, and the evangelist side of things is just a further extension of my adopted religion (Re: Facebook Religion status is listed as Technology:))

I will continue to be actively involved in giving back to various technology communities.   Within the Exchange community (there’ll be more to say on that soon ;)), within the Chicago Microsoft space in general (Chicago Windows Users Group), the global Microsoft space (TechEd) and the Training Community (MCT Summits, etc).  I encourage you to reach out to me through any of these avenues, not to mention LinkedIn, Facebook, Twitter, (vouchers ;)) and any number of random Security, Cloud and Virtualization events as they come up! (Oh, email is fine too :))

So, I wish every one of you I’ve had the opportunity to work with, customers, partners and colleagues alike the best! Do keep in touch and let me know how things are with you, and I’m glad to help in the various ways I can and do help within the community!    And to my future customers, partners and colleagues – I look forward to the opportunity to work with you!

Best of luck, I appreciate all of the encouragement and continue to look for good things from me… :)

Blonde Ambitious! Hi Bobbie!

Hi! I’d like to introduce you to my friend Bobbie – Her blog is ‘teh rock’ as the “kids” are saying (Who are these kids?!)

But seriously let us welcome her with open arms.  Her banner itself is sweeeeet!


she’s an amazing person, artist, poet, writer, smart, intelligent and all-around amazing person.

(I totally didn’t realize I said amazing twice. :))

I’ve added her over to a newly created “Friends” section on the right (Aww Yea!)

So, welcome her with open arms and if this plane ever takes off… open wings? :)

/sitting in the plane at the terminal waiting for ‘pilots’