Quote:
Originally Posted by HEAT
grep -R 696620287374 * > /home/backdoor.txt &
|
Did you check that the "696620287374" is the same in all backdoor files? Cause I think a "smart" hacker would use randomized files to ensure they're harder to detect
Quote:
Originally Posted by HEAT
5. Find infected website files and edit/delete.
grep -R svrtsg:#9@#yliwvi:#mlmv@# * > /home/infected.txt &
|
For example I had to search for another piece of string to find my infected files, looks like the guy doesn't use the same code strings for his infections all the time
P.S. I'd REALLY like to break some kneecaps today
