FTP Search Function

[JoeS.]

I'm curious if anyone can point me in the right direction here: I'm looking for an easy way that I can search the code of an entire site for malicious content. For instance, I'd love to easily search an entire site, all files included for "base64" or "eval" or something like that. It doesn't appear that I can do this through Transmit or through webshell. If anyone has a solution for this, I'd love to hear it.

Thanks,

Joe

 

[Stephen]

Don't know of a way to do it through webshell or FTP

but I will say I have seen a LOT of wordpress, oscommerce, joomla and other sites without latest versions hit with encoded eval/base64 attacks lately!

 

[JoeS.]

Would it be logical then to pull down a local copy and do a local find of some nature? Seems like there should be a better way to do that.

 

[tanmaya]

I can make suggestions, however such scans on server if done by many, may have noticeable IO overhead. We really want to help clients with this asap, if only we could get past our current todo's.

 

[Stephen]

Would it be logical then to pull down a local copy and do a local find of some nature? Seems like there should be a better way to do that.

It could be done, or you can ask a tech if they can do it as well.

We have on windows servers baregreppro license, and we use it often to help find these, not normally at user request just when we notice the 'hacking' (more like script defacing, even bots, looking for vulnerable versions 24/7), we try to find the source pages and remove them from executable.

 

[Stephen]

BTW just as a note and reminder to any that may see this, we are doing AV scans on the windows side of things, and quite often these are found in them and moved to quarantined disappearing out of the users folder.
We posted notice about this over 6 months ago, that we will be doing this and removing infected files from accounts.