Ok, so here’s what happened…
My sweet, sweet WordPress blog got hacked, which is bad. I’m not sure that it was actually my blog that caused the issue, but it was certainly affected. To my dismay, every visitor to my blog was getting prompted to download the lastest and greatest in 7 year old viruses. Rather than just being pissed about it, I decided to take it as an opportunity to clean house. I’d needed to clean out some old, aborted projects anyway, so I did what anyone with a passable knowledge of *nix system administration does… I broke out my trusty sledgehammer:
…and I went to work. I deleted temp files, and download directories, and “_old” directories. I killed all of the crap that was left over from trying to get RoR working. It was exhilarating! As I approached the /blog directory in an rm induced haze, I did that thing which we all dream of getting some n00b to do:
Hands: cd ~/blog
Brain: La, la, la…
Hands: rm -r
Brain: La, la l… er?
Hands: f *
Brain: ummm… maybe we should stop with the f?
Hands: [evil laugh] [ENTER]
And that was that. The blog was gone, and the worst part was I still had that whole “my website is handing out viruses like Typhoid Mary in 1915 New York” thing to deal with!
Solving that was actually kinda fun. It turns out a bunch of nasty had been added to the beginning of a bunch of PHP files in a bunch of directories. Removing this crap one at a time would have been a serious PITA, so I did some research and came up with this little bugger:
find . -iname '*.php' | xargs grep -l -R -E "<\?php \/\*\*\/ eval\(base64_decode\(\"aWYoZnVuY3Rpb25fZX(.*)\)\);\?>" | xargs sed -i 's/<?php \/\*\*\/ eval(base64_decode(.*);?>//'
Sweet, right? You figure it out… I’m citing the following from Real Programmers Don’t Write Specs:
Real Programmers don’t comment their code. If it was hard to write, it should be hard to understand.
Thanks, and good day.