fisle's

How to remove IDDQD Redirect Malware
// malware, PHP

Website is redirecting to iddqd.compress.to when opened from search engine?

Aww dang, you got infected by a redirect malware affecting PHP files!

Have no worries, I've got the fix for you!

The malware operates like this: If referer is a search engine = redirect to iddqd.compress.to. When accessing by just entering the url, the site works just fine. Pretty cheeky eh?

Most of the 'fixing' scripts pretty much broke everything, removed PHP start tags, etc., so I fiddled around and created this one-liner to enter in a folder where the malware resides:

find . -type f -name "*.php" -exec sed -i 's/eval(base64_decode(.*));//g' {} \;

Tada! Nice and safe!

Silly rantings from Full Stack Developer

How to remove IDDQD Redirect Malware document.write(moment("2013-11-25 18:32 +0200", "YYYY-M-DD HH:mm Z").fromNow()); // malware, PHP

How to remove IDDQD Redirect Malware
// malware, PHP