This blog was recently infected with a eval(base64 malware. This kind of malware use site vulnerabilities to inject a long list of link in the beginning of pages so it theoretically improves those site’s SEO performance.

This kind of strategy is just sad, telling from the perspective of an SEO.

I came up with a nice oneliner to clear all that nasty code. Works great for me. May be useful for others.

find . -name "*.php" -print0 | \
xargs -0 -n 1 grep -l -Z eval.*base64 | \
xargs -0 -n 1 sed -i'.old' '/eval.*base64/ d'