This is extremely useful for
locating files that have been uploaded using an exploit and are still owned by
the nobody user. Note this isn't the solution to cleaning up an exploit, just a
tool to assist in the clean up.
The below command will search all user document root for files owned by nobody and display them on the screen. This is one of the most likely location of uploaded nobody files but its possible for files to be outside this directory. You'll need to adjust the scope of the command where necessary.
The below command will search and delete all files in the users document root that are owned by the nobody user. It's recommended you just do a find first, then if it's clear run the below command:
To delete folders owned by nobody user too, use:
The below command will search all user document root for files owned by nobody and display them on the screen. This is one of the most likely location of uploaded nobody files but its possible for files to be outside this directory. You'll need to adjust the scope of the command where necessary.
find /home/*/public_html -user nobody -print
The below command will search and delete all files in the users document root that are owned by the nobody user. It's recommended you just do a find first, then if it's clear run the below command:
find /home/*/public_html -user nobody -print | xargs rm
To delete folders owned by nobody user too, use:
find /home/user/public_html -user nobody -print | xargs rm -Rf
No comments:
Post a Comment
Thank You:)