Have a client machine that is a little loaded that has a ton of modified files. Normally we just restore off the last backup or the previous generation backup, but, over 120k files since June 2011 have been exploited. Since the machine is doing quite a bit of work, we need to throttle our replacements so that we don’t kill the server.<\/p>\n
\r\n#!\/usr\/bin\/python\r\n\"\"\"\r\n\r\nQuick search and replace to replace an exploit on a client's site while\r\ntrying to keep the load disruption on the machine to a minimum.\r\n\r\nReplace the variable exploit with the code to be replaced. By default, \r\nthis script starts at the current directory. max_load controls our five\r\nsecond sleep until the load drops.\r\n\r\n\"\"\"\r\n\r\nimport glob\r\nimport os\r\nimport re\r\nimport time\r\n\r\npath = '.'\r\nmax_load = 10\r\n\r\nexploit = \"\"\"\r\n<script>var i,y,x=\"3cblahblahblah3e\";y='';for(i=0;i\r\n\"\"\".strip()\r\n\r\nfile_exclude = re.compile('\\.(gif|jpe?g|swf|css|js|flv|wmv|mp3|mp4|pdf|ico|png|zip)$', \\\r\n re.IGNORECASE)\r\n\r\ndef check_load():\r\n load_avg = int(os.getloadavg()[0])\r\n while load_avg > max_load:\r\n time.sleep(30)\r\n load_avg = int(os.getloadavg()[0])\r\n\r\ndef getdir(path):\r\n check_load()\r\n for file in os.listdir(path):\r\n file_path = os.path.join(path,file)\r\n if os.path.isdir(file_path):\r\n getdir(file_path)\r\n else:\r\n if not file_exclude.search(file_path):\r\n process_file(file_path)\r\n\r\ndef process_file(file_path):\r\n file = open(file_path, 'r+')\r\n contents = file.read()\r\n if exploit in contents:\r\n print 'fixing:', file_path\r\n contents = contents.replace(exploit, '')\r\n file.truncate(0)\r\n file.seek(0, os.SEEK_SET )\r\n file.write(contents)\r\n file.close()\r\n\r\ngetdir(path)\r\n<\/x><\/pre>\n