Cleaning Up an Eval(base64_decode()) Hack

Over the years I’ve had a few people ask me to help fix hacked sites. The most common hack I’ve seen is an Eval(base64_decode(…)) insertion: a single line of code that can evaluate to any number of malicious results. The line is generally inserted into every file of a site. Cleaning out every theme file, plugin file, and core file on a site by hand can be extremely tedious. Luckily, the power of SSH can save us hours of needless labour.

Connect to your site via SSH, and navigate to the root directory of the affected area. Paste this line into the terminal/command prompt to find all instances of the malicious line and replace it with a blank string.

find . \( -name "*.php" \) -exec grep -Hn "[\t]*eval(base64_decode([^)]*));" {} \; -exec sed -i 's/[\t]*eval(base64_decode([^)]*));//g' {} \;

Your terminal will look crazy for a couple of minutes as hundreds of lines of gibberish fly by, but don’t freak out. When it finally comes to a standstill, you can run the command again to verify that the malicious code is all gone.
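
The same cleanup as a reviewable script, added here as an example and not part of the original post: it lists the affected files first, keeps a copy of each one before editing, and matches only up to the first closing parenthesis so legitimate code later on the line is left alone. The function names, the backup layout and the sample files are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not the post's own code. Function names and the backup layout are assumptions.

# [^)]* stops at the first ")" so legitimate code later on the same line is kept
PATTERN='eval(base64_decode([^)]*));'

# list_infected ROOT: print each .php file under ROOT that contains the injected call
list_infected() {
    find "$1" -type f -name '*.php' -exec grep -l "$PATTERN" {} +
}

# clean_infected ROOT BACKUP: copy each infected file to BACKUP, strip the call,
# and print the number of files cleaned
clean_infected() {
    root=${1%/} backup=$2 cleaned=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        rel=${f#"$root"/}
        mkdir -p "$backup/$(dirname "$rel")"
        cp -p "$f" "$backup/$rel"
        sed "s/$PATTERN//g" "$backup/$rel" > "$f"
        cleaned=$((cleaned + 1))
    done <<EOF
$(list_infected "$root")
EOF
    echo "$cleaned"
}

# make_sample DIR: build a small constructed site (harmless payload: base64 of "echo 1;")
make_sample() {
    mkdir -p "$1/wp-content"
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw==")); get_header(); the_title(strtoupper("x")); ?>' > "$1/index.php"
    printf '%s\n' '<?php echo "clean"; ?>' > "$1/wp-content/ok.php"
}
```

Point BACKUP at a directory outside the web root, since the copies still contain the injected line.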


The Big Green Ball Analogy

Over the years I’ve had to explain what I do to a lot of people. More often than not, I’ll have to explain some basic concepts of the languages that I use as well. The web design and development industry is a pretty popular one, and like most tech-centered jobs I deal with a lot of jargon and buzzwords, and their misuses. Luckily, I ran into a pretty effective analogy in my early days that’s stuck with me as I try to explain to glazed-over eyes what the differences are between HTML, CSS, and JavaScript, and how basic web pages are formed.


Switched to Media Temple

Media Temple (mt) Swag

I switched to Media Temple after Bluehost’s recent server crash, and received this in the mail from them today. The handwritten note, stickers, lanyard, and amazingly comfortable American Apparel shirt have instantly secured my trust in their service department.