{"id":396,"date":"2017-05-11T14:34:03","date_gmt":"2017-05-11T06:34:03","guid":{"rendered":"https:\/\/play.datalude.com\/blog\/?p=396"},"modified":"2023-12-22T09:53:13","modified_gmt":"2023-12-22T01:53:13","slug":"command-to-find-all-image-files-which-are-not-really-image-files","status":"publish","type":"post","link":"https:\/\/play.datalude.com\/blog\/2017\/05\/command-to-find-all-image-files-which-are-not-really-image-files\/","title":{"rendered":"Command to find all image files which are not really image files!"},"content":{"rendered":"\n

Quick one this … so you've got a compromised webserver and you want to check the files on it. Many scanning tools will ignore images, but an image might not always be what it seems! Check them all with this command:<\/p>\n\n\n\n

find \/path\/to\/dir -regex \".*\\.\\(jpg\\|png\\|gif\\)\" -exec file {} \\; | grep -i -v \"image data\"<\/pre>\n\n\n\n
If all is good, you won't get any output. If your server is seriously borked, then you might see things like this …<\/p>\n\n\n\n
.\/wp-content\/uploads\/2011\/01\/22.jpg: HTML document, ASCII text<\/p>\n\n\n\n
This is a flag that the image is in fact a PHP file. Investigate!<\/p>\n\n\n\n
If you get this kind of thing,
.\/wp-content\/uploads\/2011\/01\/221.jpg: Minix filesystem, V2, 46909 zones<\/p>\n\n\n\n
its probably a bug in an old version of file,<\/em> so check your OS version, copy the file to a more recent OS and try again.<\/p>\n","protected":false},"excerpt":{"rendered":"
Quick one this … so you've got a compromised webserver and you want to check the files on it. Many scanning tools will ignore images, but an image might not always be what it seems! Check them all with this command: find \/path\/to\/dir -regex \".*\\.\\(jpg\\|png\\|gif\\)\" -exec file {} \\; | grep -i -v \"image data\" … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[1,4,5,137],"tags":[],"class_list":["post-396","post","type-post","status-publish","format-standard","hentry","category-it","category-linux","category-security","category-wordpress"],"_links":{"self":[{"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/posts\/396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/comments?post=396"}],"version-history":[{"count":0,"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/posts\/396\/revisions"}],"wp:attachment":[{"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/media?parent=396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/categories?post=396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/play.datalude.com\/blog\/wp-json\/wp\/v2\/tags?post=396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}