Need Shell Script to find this pattern

2019-08-29 09:55发布

问题:

We are providing a shared hosting, most of our clients are using vulnerable plugin, this leads to many hacked files are getting uploaded, Now I want to delete those files.

If this kind of pattern [xx] (x are numbers) is there multiple times in a single line. At least it should be there 10 times , then it is a hacked/spam file, then I can delete them. I tried so many multiple combinations, nothing seems to be working.

$GLOBALS['vtton6'] = $r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[54].$r76[24].$r76[94].$r76[41].$r76[49].$r76[24].$r76[87].$r76[53].$r76[58].$r76[61]; $GLOBALS['jlxru64'] = $r76[53].$r76[58].$r76[53].$r76[54].$r76[66].$r76[94].$r76[87]; $GLOBALS['vajox38'] = $r76[95].$r76[94].$r76[7].$r76[53].$r76[58].$r76[94]; $GLOBALS['qobdl72'] = $r76[36].$r76[70].$r76[27].$r76[45].$r76[61].$r76[76].$r76[31]; $GLOBALS['yhrfr40'] = $r76[20].$r76[69].$r76[36].$r76[20].$r76[58].$r76[15].$r76[46]; $GLOBALS['quzii24'] = $r76[78].$r76[95].$r76[28]; $GLOBALS['tlyiy12'] = $r76[27].$r76[49].$r76[45].$r76[58].$r76[87]; 

回答1:

How about

$ grep -E '(\[[0-9]+\].*){10}' inputFile

RegexDemo

To delete the file,

 $ grep -qE '(\[[0-9]+\].*){10}' inputFile && rm inputFile

OR

A lengthy solution would be like

$ [ $(grep -oE '\[[0-9]+\]'  inputFile | wc -l) -ge 10 ] && rm inputFile


回答2:

find -name '*.php' -exec \
        sed -n 's!.*\(\[[0-9][0-9]\].*\)\{10\}.*!'{}'!p' {} \; | \
        uniq