How To Find (and Replace) "^@" Control Characters In Files
Apr 28, 2009
I have an odd problem... after transferring several hundred .php files to one of our servers we noticed that the browser was showing "?" output only.
When I open the file in "vi" (we're running centos 5.x), I can see this at the end of the file:
^@^@<?php //comment goes here ?>
I highlighted in red bold the problem text. If these four characters are removed from the file (edited out manually using vi) then the file displays and works correctly.
However.. there are several hundred of these files, and some have the problem and some don't.
I've tried everything I know to find which files contain the problem, but so far no luck.
grep -r "^@" .;
grep -r "^@" .;
Basically.. I need to find any instance of these characters and then remove them.
My old VPS was hacked and an iframe html string was added to just about all the files on the server.
I've since then identified the vulnerability and moved to a new host and want to copy the accounts over but wanted to know if there was an easy way to search all the files for this html code and delete it?
For example, search all files for <iframe etc etc> and delete it?
I know this is probably rather simple...but I have no idea how to do it.
I have anywhere between 80,000 - 90,000 webpages that have a single code into this. Unfortunately at the time the web developer I used didn't use PHP includes. So each .html file has the code in it.
I want a way so I can do a single command either a program or an SSH command can find the syntax in the files and replace it will code I have. Its just a single line of code that is basically for an adsense code, so the pub-blahblahblah etc..
Does anyone know of a SSH command I can use, or a program that will find and replace without manually opening up each file? 80k - 90k of opening files then find/replace will take forever!
I am trying to restore a backup that Parallels Plesk made (latest version) and I used to get the option at some point to replace everything. Now, I only get the options to select what I want to restore and it fails because it says certain things, domains, content is already there.
I can't find the option anymore that allows me to say replace everything during the backup. Was that removed? If so, I'd really....really like it back.
Warning: Failed deployment of domain localhost.localdomain Warning: Execution of /usr/local/psa/admin/plib/api-cli/domain.php --create localhost.localdomain -owner admin -do-not-apply-skeleton -notify false -guid 4fe5de63-3103-4fa0-a01c-04894e167107 -vendor-guid 75b2fa01-6c6e-4cb2-8f1b-9c69757fd3ec -creation-date 2014-02-13 -ip 220.127.116.11 -ignore-nonexistent-options failed with return code 1. Stderr is An error occurred during domain creation: There are no available resources of this type (domains) left. Requested: 1; available: 0.
Question 1 I had a script create a backup of every file on my site using the following format "filename.php.bac". I want to delete these files now and I tired to use "rm *.bac" but that only deleted the files in the current directory. How can I delete ALL those files in EVERY directory and sub-directory starting at the public_html directory?
Question 2 How can I escape semi-colon's (;) in a perl script? I'm trying to run a search+replace script to update some Analytics code and I have a ton of files to update but for some reason if there is a semi-colon in the find varable, it assumes that it has reached the end of the contents in that variable.
Here is the code. Take a look at the $find variable and you will see extra semi-colon's. How do I tell the script to not treat those semi-colons as the end of the variable? .........
I have a dedicated server, the server itself is secure (as far as I know) and I run lots of my sites from it. I offered a friend hosting for his flash based chat application he built.
Today I was contacted by someone; "Are you the owner of xxxx.net?" so I informed that yes, it was my server and they then showed me an email they'd received from my server. I did a search and apparently someone uploaded mail.php and a couple of files it was using to send out spam based upon a variety of conditions that the other files met. The files contained forenames and surnames, it'd use a forename and a surname then send it to popular free mail services. The email contained ramblings about new world order and promoted a website.
How can I find out how they got the files uploaded to the account and what action can I take? I checked the whois for the domain and have their contact information, however it's a large site so I'm doubtful that the owner did it. I don't want my servers IPs being blacklisted for spam :|
Is there a way to get Apache to tell me which .conf file it is loading at start-up?
There's a box that's misbehaving and Apache is running on port 80 and 8080 on the box... but we can't locate *why* it's running on port 8080. I can't find any Listen 8080 statement in the typical config files. If I knew which config files it was loading, I could go through all of the files in more detail.
ns2.mywebsite.net. IN NS ns1.mywebsite.net. ns2.mywebsite.net. IN NS ns2.mywebsite.net. ns2.mywebsite.net. IN A 18.104.22.168
localhost.ns2.mywebsite.net. IN A 127.0.0.1
ns2.mywebsite.net. IN MX 0 ns2.mywebsite.net.
mail IN CNAME ns2.mywebsite.net. www IN CNAME ns2.mywebsite.net. ftp IN CNAME ns2.mywebsite.net.
After i have restartet named :
service named start
This is the output in /val/log/message
Code: Aug 19 07:54:33 ip-208-109-108-10 named: starting BIND 9.3.4-P1 -u named -c /etc/named.caching-nameserver.conf -t /var/named/chroot Aug 19 07:54:33 ip-208-109-108-10 named: found 2 CPUs, using 2 worker threads Aug 19 07:54:33 ip-208-109-108-10 named: loading configuration from '/etc/named.caching-nameserver.conf' Aug 19 07:54:33 ip-208-109-108-10 named: listening on IPv6 interface lo, ::1#53 Aug 19 07:54:33 ip-208-109-108-10 named: listening on IPv4 interface lo, 127.0.0.1#53 Aug 19 07:54:33 ip-208-109-108-10 named: command channel listening on 127.0.0.1#953 Aug 19 07:54:33 ip-208-109-108-10 named: command channel listening on ::1#953 Aug 19 07:54:33 ip-208-109-108-10 named: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Aug 19 07:54:33 ip-208-109-108-10 named: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700 Aug 19 07:54:33 ip-208-109-108-10 named: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Aug 19 07:54:33 ip-208-109-108-10 named: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700 Aug 19 07:54:33 ip-208-109-108-10 named: zone localdomain/IN/localhost_resolver: loaded serial 42 Aug 19 07:54:33 ip-208-109-108-10 named: zone localhost/IN/localhost_resolver: loaded serial 42 Aug 19 07:54:33 ip-208-109-108-10 named: zone mywebsite.net/IN/localhost_resolver: loaded serial 2007081900 Aug 19 07:54:33 ip-208-109-108-10 named: /var/named/ns1.mywebsite.net.db:1: no TTL specified; using SOA MINTTL instead Aug 19 07:54:33 ip-208-109-108-10 named: zone ns1.mywebsite.net/IN/localhost_resolver: loaded serial 2007081900 Aug 19 07:54:33 ip-208-109-108-10 named: /var/named/ns2.mywebsite.net.db:1: no TTL specified; using SOA MINTTL instead Aug 19 07:54:33 ip-208-109-108-10 named: zone ns2.mywebsite.net/IN/localhost_resolver: loaded serial 2007081900 Aug 19 07:54:33 ip-208-109-108-10 named: running Aug 19 07:54:33 ip-208-109-108-10 named: zone mywebsite.net/IN/localhost_resolver: sending notifies (serial 2007081900) Aug 19 07:54:33 ip-208-109-108-10 named: zone ns1.mywebsite.net/IN/localhost_resolver: sending notifies (serial 2007081900) Aug 19 07:54:33 ip-208-109-108-10 named: zone ns2.mywebsite.net/IN/localhost_resolver: sending notifies (serial 2007081900)
I have changed at my registrar the DNS adresses to NS1.mywebsite.net and NS2.mywebsite.net, the result is that work only NS1.mywebsite.net:
Code: [url] --> don't work [url] --> work [url] --> don't work
I am being hacked & I don't know how they are getting files on my server. They are doing it on two of my domains, I suspended one and then they got it on the other. My FTP access log does not show anything suspicious..
how can i do a search for all files (probs using regex) of files consisting purely of numbers?
for e.g. find:
53243.php 24353.php 24098.php
(always have 5 numbers).
seems one of my accounts has had some script run which generated a bunch of these in various subfolders, and the php file basically does a callback to www3.rssnews.ws and www3.xmldata.info, which seem to be some sort of spyware servers.
I colo a 1U machine with 2-36gig drives. They're not in RAID, and I have it set to rsync backups to a remote machine on a regular schedule. I have another remote machine functioning as a secondary DNS. Neither of these 2 are on a large upstream pipe. I just bought 2-147gig drives that I'd like to replace the 36g's with. How does this sound for a scenario to accomplish this with little downtime (pre-pardon my noob'ish ways):
1. Do a complete rsync of the filesystem to my remote machine as well as sync the mysql db's (to 1 remote drive).
2. Pop that single rsync'd drive into an external enclosure.
3. Travel to datacenter, once there, plug external drive into laptop and start up a VM that boots off of that drive.
4. Sync again so external drive has the most up-to-date data.
5. Change over IP's from colo to VM on laptop.
6. Shutdown and swap out drives in colo'd box with the new ones.
7. Setup new drives as RAID 1, install OS, then rsync filesystem over from laptop to new drives in colo'd box.
8. Change back IP's.
What am I missing, or is there an easier way without a 2nd colo/dedicated server? Currently, the colo'd machine is using about 1.3Mbit/sec outbound and it's running a low load.
I'm trying to replace my Linux OS with Windows Server 2003, which I already have a license.
I'm talking about OVH Kimsufi XL.
Following support's instructions, I booted my dedicated with netboot, specific with vkvm option.
Then I specified an ftp location, (where there is my "totally working" .iso), and I started the virtual session.
After some mins, a java windows appears, and starts the vnc session.
After usual linux loading, it stops on this :
Code: VFS: Cannot open root device "801" or unknown-block(8,1) Please append a correct "root=" boot option; here are the available partitions: 0300 244198584 hda driver: ide-gd 0301 5245191 hda1 0302 238428687 hda2 0303 522112 hda3
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(8,1)
I would like to replace my index file every three hours, with a specified file on the server thats in a different folder (someone keeps putting unwanted stuff in my index file) Can someone explain to me how this is done?
I have one customer installed with plesk 11.5 + power pack integrated with mssql 2008 express on his server.But now client want to install Mssql 2008 web edition. Is this possible to replace the express edition with web in plesk panel?
I've got a dedicated server through Liquid Web. I can't say enough about how great the reliability and service has been since I switched over to them a number of months ago.
Nevertheless, with the advent of cloud hosting, I'm intrigued by the idea of paying for what I actually use on a server rather than having way more capacity than I need 90% of the day.
I've looked around here and there's a bit of talk about it but it doesn't seem like folks are scrambling into it and it also appears that the offereings are still relatively immature.
I really don't have the time to devote to tweaking, etc or figuring out something really complicated.
I'll stick to my dedicated server if it means tons of extra work or potential downtime or massive frustration but I wanted to get some feedback from the community about whether or not there are some stable cloud hosting options that are emerging that might be worth considering.
2008-04-06 08:52:32.597ERRORApache Binary Path must be set properly in order replace Apache, fall back to 'Reload on configuration file change'. 2008-04-06 08:52:32.602WARN[configerver:listener] No listener is available for normal virtual host! 2008-04-06 08:52:32.604ERROR[config:template:centralConfigLog] Listener [Default] does not exist 2008-04-06 08:52:32.605ERROR[config:templateHP_SuEXEC] Listener [Default] does not exist 2008-04-06 08:52:32.605ERROR[config:template:EasyRailsWithSuEXEC] Listener [Default] does not exist 2008-04-06 08:52:32.617WARNStandard Edition only support up to 5 Apache vhosts.
I did everything on the litespeed setup I was soppose to found at their wiki site. But still I recieve these errors, LiteSpeed works on my server because httpd is disabled and LiteSpeed is responding to request now.