find /home/*/domains/*/public_html/cgi-bin/ -iname *.cgi -ls
find /home/*/domains/*/public_html/cgi-bin/ -iname *.pl -ls
find /home/*/domains/*/private_html/cgi-bin/ -iname *.cgi -ls
find /home/*/domains/*/public_html/cgi-bin/ -iname *.pl -ls
find . -type f \( -name "wp-vcd.php" -o -name "wp-tmp.php" -o -name "class.theme-modules.php" -o -name "class.plugin-modules.php" \)
use “find” search text in file
find . -type f -name '*.php' -print | xargs grep 'iframe'
find . -type f -name '*.html' -print | xargs grep 'iframe'
find . -type f -name '*' -print | xargs grep 'iframe'
find . -type f -name '*.php' -print0 | xargs -0 grep -il 'iframe'
use “find” & linux command delete (“Argument list too long”)
find /home/ -type f -iname index.htm -exec rm -fv {} \;
find /home/admin/domains/xxx.com/public_html/cache/ -type f -exec rm -rf {} \;
find /var/spool/exim/msglog/ -type f -delete
#slashroot.in/which-is-the-fastest-method-to-delete-files-in-linux
find /path -maxdepth 1 -user apache -ls -delete
#search file edit last ctime n*24
find /home/user/*/*/public_html/ -ctime -7
use “find” & linux command lists all files of the current tree (.) with newest file shown
find . -type f -printf "%T@ %p\n" | sort -n | awk '{print $2}' | xargs ls -altr
find . -not -path "*/cache/*" -not -path "*/gp/*" -not -path "*/assets/*" -type f -printf "%T@ %p\n" | sort -n | awk '{print $2}' | xargs ls -altr
use “perl” search & replace
#search "cgi=ON" and replace to "cgi=OFF"
perl -pi -e 's/cgi=ON/cgi=OFF/' /usr/local/directadmin/data/users/*/user.conf
perl -pi -e 's/cgi=ON/cgi=OFF/' /usr/local/directadmin/data/users/*/reseller.conf
perl -pi -e 's/cgi=ON/cgi=OFF/' /usr/local/directadmin/data/users/*/domains/*.conf
#search "" and replace to blank
perl -pi -e 's///g' ./*.html
#delete spam/junk email
cd /var/spool/exim/input/
cd /var/spool/exim/msglog/
perl -e 'for(<*>){((stat)[9]<(unlink))}'
use “sed” search & replace
#search "disable = yes" replace to "disable = no" in file "file.conf"
sed -e '/disable/ s/yes/no/' -i /file.conf
#search "mysql_query" replace to "mysql_do_query" and write to "newfile.conf"
sed 's/mysql_query/mysql_do_query/g' > newfile.conf
use “grep” search text in file
grep -iR "_0.mx" /var/log/proftpd/*
grep -iR "cgi-bin" /var/log/proftpd/*
grep -r --include=*.php -e "class.plugin-modules.php" -e "class.theme-modules.php" -e "wp-vcd.php" -e "wp-tmp.php" .
#https://gokhan.ozar.net/blog/removing-malware-from-wordpress/
use “cat” & “grep” search text in file
cat /var/log/proftpd/* |grep "text" |more
cat /var/log/proftpd/* |grep "text" |grep -v "notext"
phpmyadmin
UPDATE tablename SET tablefield = replace(tablefield, "findstring", "replacestring");
du -sh * | sort -h