Re: Possible to search for code - hacker has made a lot of files on my shared host domains
Searching the content of files on a remote server is not very practical because each file would need to be downloaded, you may as well download everything and do a local grep. GrepWin is nice tool, it can also do find and replace, then re-upload the edited files all in one go. Trying to do this remotely, what if the files are re-infected by another file immediately after you sanitize it?
The best solution would be to replace all the files on the server with a local copy of the files that haven't been tampered with, trying to sanitize the remote files may work but if you miss one file or another backdoor you leave yourself open to a repeat hack.
If you don't have the original files and your only option is to sanitize the modified files then it would be more practical to access the server via a ssh (shell) and use grep to find files that contain the desired text patterns.
Either way the site should probably be taken down while the files are sanitized and only brought back online once you can ensure all the files are cleaned.
|