sorry if this seems a bit noobish, as it's basically just an awk/sed query... but i can't figure it out and linux4noobs seems unlikely to be of much help.
basically, a friend's WordPress sites have had some php injected into them... i'm trying to help him clean out his files so he can migrate to something a bit more secure. the injection is always a single <?php BAD STUFF ?> and is always at the very start of the file, but i can't guarantee they are all the same number of lines.
basically, i'd like to either be able to do one of the following:
1. delete the first range /<?php/,/?>/
2. delete any range /<?php/,/?>/ that includes the phrase wehaveitagain (which is in every injected element)
I can find all the files, and I can delete ranges... but it's narrowing it to only the first or ranges that also include something else that is problematic
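One way to combine both options from the post above, as an added example that is not part of the original post: an awk filter that drops the leading `<?php ... ?>` block only when that block contains the marker, and keeps anything that follows the closing `?>` on the same line. The function name `strip_injected` is hypothetical, and the code assumes the injected block contains no earlier `?>` inside a string or comment.

```shell
#!/bin/sh
# Added example (not from the original post). strip_injected is a hypothetical name.
# Usage: strip_injected FILE [MARKER] > FILE.clean
# Writes the cleaned file to stdout so the original stays untouched for review.
strip_injected() {
    awk -v marker="${2:-wehaveitagain}" '
    # Only a block that opens at the very first byte of the file is a candidate.
    NR == 1 && index($0, "<?php") == 1 { buffering = 1 }

    buffering {
        buf = buf $0 "\n"
        end = index(buf, "?>")          # first closing tag seen so far
        if (end == 0) next              # block still open, keep collecting
        buffering = 0
        block = substr(buf, 1, end + 1) # "<?php ... ?>" inclusive
        rest  = substr(buf, end + 2)    # e.g. a legit "<?php" glued after "?>"
        if (index(block, marker)) {
            # Injected block: drop it. Skip a bare newline so the file does
            # not start with whitespace (which PHP would send as output).
            if (rest != "\n") printf "%s", rest
        } else {
            printf "%s", buf            # leading block is legitimate, keep it
        }
        buf = ""
        next
    }

    { print }

    # No closing tag before EOF: common for legitimate PHP files, so emit
    # the buffered lines unchanged.
    END { if (buffering) printf "%s", buf }
    ' "$1"
}
```

Diff each cleaned file against its original before replacing it; a file where the marker appears outside the first block is left untouched by this filter and needs manual review.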