It doesn't take hours; I wrote a very, very simple script in a few minutes that you can tweak by hand to suit your needs.
Here it is:
<?php
$realPath = realpath('path/to/your/wp/installation');

// The needle is the string that you want to look for in your files.
// gzinflate is pretty common; also try to look for preg_replace or eval,
// but those instructions are commonly used in WP, so you'll have a bunch of
// false positives.
//
// As for JS files, you might also want to look for document.writes because
// that's how worms insert iframes into your websites.
$needle = "/gzinflate/";

$di = new RecursiveDirectoryIterator($realPath, FilesystemIterator::SKIP_DOTS);
foreach (new RecursiveIteratorIterator($di) as $filename => $file) {
    // Only regular files can be read; skip anything else.
    if (!$file->isFile()) {
        continue;
    }
    $haystack = file_get_contents($filename);
    if (preg_match_all($needle, $haystack, $matches)) {
        // Outputs suspicious file, not necessarily infected.
        echo $filename;
        echo "\n";
    }
}
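The false-positive problem mentioned in the comments can be reduced by matching combinations instead of single function names. The following is an added example, not part of the original answer: the pattern list, the file-extension filter and the two sample files are constructed assumptions, and a match still only marks a file for manual review.

```php
<?php
// Added example: patterns and sample files are constructed, not from the original post.
// Each pattern targets a decode-then-execute chain or an injected iframe; these are far
// rarer in legitimate WordPress code than a bare eval or preg_replace.
const PATTERNS = [
    'eval of decoded data'  => '/\beval\s*\(\s*(?:gzinflate|gzuncompress|base64_decode|str_rot13)\s*\(/i',
    'gzinflate of base64'   => '/\bgzinflate\s*\(\s*base64_decode\s*\(/i',
    'preg_replace with /e'  => '/\bpreg_replace\s*\(\s*([\'"])(.)(?:(?!\1).)*\2[a-z]*e[a-z]*\1/i',
    'document.write iframe' => '/document\.write(?:ln)?\s*\(.{0,200}?<iframe/is',
];

// Returns a list of [path, line, label] for every pattern that matches a PHP or JS file.
function scanTree(string $root, array $patterns = PATTERNS): array
{
    $hits = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || !preg_match('/\.(?:php\d?|phtml|inc|js)$/i', $file->getFilename())) {
            continue;
        }
        $source = @file_get_contents($file->getPathname());
        if ($source === false) {
            continue; // unreadable file: skip instead of aborting the scan
        }
        foreach ($patterns as $label => $regex) {
            if (preg_match($regex, $source, $m, PREG_OFFSET_CAPTURE)) {
                // Convert the byte offset of the first match into a line number.
                $line = substr_count(substr($source, 0, $m[0][1]), "\n") + 1;
                $hits[] = [$file->getPathname(), $line, $label];
            }
        }
    }
    return $hits;
}

// Demo on constructed files in a temp directory; pass a real path as argv[1] instead.
$root = $argv[1] ?? null;
if ($root === null) {
    $root = sys_get_temp_dir() . '/scan-demo-' . getmypid();
    mkdir($root);
    file_put_contents("$root/clean.php", "<?php\n\$v = preg_replace('/a/', 'b', \$s);\n");
    file_put_contents("$root/odd.php", "<?php\n// constructed sample\neval(gzinflate(base64_decode('PLACEHOLDER')));\n");
}
foreach (scanTree($root) as [$path, $line, $label]) {
    echo "$path:$line: $label\n";
}
```

Run without arguments, it reports only the constructed `odd.php`; the ordinary `preg_replace` call in `clean.php` is not flagged.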