A couple of my Drupal sites were not fully updated and were hacked (big lesson learned). The hack created several extra .php files throughout the site and also inserted a snippet of code through some of the other already existing .php files.
I found this site explaining how to remove the added files as well as how to remove the extra code in the existing php files. I know this is only a temporary solution until I update all the software again and make sure any exploits are patched.
The only thing is I'm not very familiar with SSH or PuTTY, so I'm a little lost here.
Is there any way I can run these two commands specifically for the affected sites only rather than every single site hosted under my account?
find . -size 494c -name "*.php" | xargs rm
grep -Rl PCT4BA6ODSE . | xargs sed -i 's/<[?]php.*PCT4BA6ODSE_.*[?]>/<\?php \/\/ RECOVERED FILE - more info at AllAboutTodd.com \?>/g'
How can I run these commands specifically for the affected sites? Any help would be greatly appreciated!
Definitely a big lesson learned on keeping software up to date. Thanks in advance for your help.
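Added example, not part of the original post: the post's two commands scoped to one site directory passed as an argument, with a listing step to review before anything is changed. The function names, the backup archive argument and the paths in the usage comment are assumptions, and GNU find, grep, xargs and sed are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): run the post's two cleanup
# steps against ONE site directory instead of "." for the whole account.

MARKER='PCT4BA6ODSE'   # marker string from the post's grep command
# sed expression copied verbatim from the post
SED_EXPR='s/<[?]php.*PCT4BA6ODSE_.*[?]>/<\?php \/\/ RECOVERED FILE - more info at AllAboutTodd.com \?>/g'

# Dry run, step 1: 494-byte .php files under the given site directory only.
list_dropped() {
    find "$1" -type f -size 494c -name '*.php'
}

# Dry run, step 2: files under the given site directory containing the marker.
list_injected() {
    grep -Rl -- "$MARKER" "$1" || true   # "no match" is not an error here
}

# Apply both steps to one site, after archiving it so the evidence survives.
# The backup path must be outside the site directory (assumption of this example).
clean_site() {
    site=$1; backup=$2
    [ -d "$site" ] || { echo "not a directory: $site" >&2; return 2; }
    tar -czf "$backup" -C "$site" . || return 1
    # -print0 / -Z / -0 keep file names with spaces intact; -r skips empty input.
    find "$site" -type f -size 494c -name '*.php' -print0 | xargs -0 -r rm -f --
    grep -RlZ -- "$MARKER" "$site" | xargs -0 -r sed -i "$SED_EXPR"
}

# Usage (paths are placeholders for your own account layout):
#   list_dropped  ~/public_html/site1
#   list_injected ~/public_html/site1
#   clean_site    ~/public_html/site1 ~/site1-before-cleanup.tar.gz
```

Review the two listings first: a legitimate file that happens to be exactly 494 bytes would also be deleted, and the sed pattern replaces everything from the first `<?php` to the last `?>` on a matching line.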