#26334 Recommendation for WinGrep alternative on a Mac?

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by tampe125 on Wednesday, 19 October 2016 09:06 CDT

paurray
Hi Akeeba

Referring to the documentation here:

https://www.akeebabackup.com/documentation/walkthroughs/unhacking-your-site.html

I am instructed to use WinGrep?

Is there a suggestion what to use if I am on a mac?

The simpler the better ;-)

thanks

Paul 

Helping you learn beyond your finalBUG

paurray
ps: Something that I do not have to fire up in the terminal would be great!!!


tampe125
Akeeba Staff
Hello,

the simplest solution ever is... use the terminal.
I know you don't like it, but it's the most powerful tool you can find and it will do the job.
Take a look at it, with a simple grep "insert" myfile you can find all the occurrences of the insert word.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

paurray
Hi Davide

Can you point me towards some kind of step by step tutorial?

I can open the terminal that is about my level of knowledge.

I am guessing that I need to install Grep with the Terminal and then enter code in the terminal.

that is kind of where I am at...

thanks for any tips

Paul


tampe125
Akeeba Staff
First of all, you don't have to install it, it comes pre-installed with every Mac (and Linux) computer.

I'd suggest you take a look at this tutorial, since it seems very complete:
http://www.uccs.edu/~ahitchco/grep/


paurray
Hi Davide

Thanks for the tutorial, it is a big help :-)

I can open the example file in the tutorial with the command line:

open ~/Sites/KillTheVirus-OCT2016/RawACESS/a_file

and search and find “boo” with the command:

grep -n "boo" a_file

Great. So I know that I am able to do this.

But I am still missing something with respect to the Raw Access Log File scenario:

a) The Access Log file that I downloaded is a Zip.

finalbug.net-Oct-2016.gz


b) I can double click on this file which gives me:

finalbug.net-Oct-2016

So far so good?


c) I can right click on this exec file and open it in the Terminal where I do get to see thousands of lines of code in a new window.

Here are the last couple of lines:

/Users/pauldavidmurray/Sites/KillTheVirus-OCT2016/RawACESS/finalbug.net-Oct-2016: line 51447: 216.244.66.243: command not found
/Users/pauldavidmurray/Sites/KillTheVirus-OCT2016/RawACESS/finalbug.net-Oct-2016: line 51448: 216.244.66.243: command not found
/Users/pauldavidmurray/Sites/KillTheVirus-OCT2016/RawACESS/finalbug.net-Oct-2016: line 51449: 216.244.66.243: command not found
/Users/pauldavidmurray/Sites/KillTheVirus-OCT2016/RawACESS/finalbug.net-Oct-2016: line 51450: 216.244.66.243: command not found
logout

[Process completed]

Please advise. Am I on the right track?


After step (c) of the process is complete I see no way of entering a command such as:

grep "insert" finalbug.net-Oct-2016

d) Alternatively I can open the exec file with text editor with a right hand mouse click.

I then duplicate and save this file as:

finalbug.net-Oct-2016-Text-Edit.txt

open ~/Sites/KillTheVirus-OCT2016/RawACESS/finalbug.net-Oct-2016-Text-Edit.txt

I can open this text file in the terminal:

open ~/Sites/KillTheVirus-OCT2016/RawACESS/finalbug.net-Oct-2016-Text-Edit.txt

where I do get to see thousands of lines of code in a new window.

Here are the last couple of lines:

216.244.66.243 - - [17/Oct/2016:14:00:41 +0200] "GET /blog/entry/180-aja-drivers-ioxt HTTP/1.0" 307 242 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, [email protected])"
216.244.66.243 - - [17/Oct/2016:14:00:42 +0200] "GET /blog/categories/listings/19-paradigm-shift?start=25 HTTP/1.0" 307 251 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, [email protected])"
216.244.66.243 - - [17/Oct/2016:14:00:43 +0200] "GET /network/badges/achievements/825-liepe HTTP/1.0" 307 242 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, [email protected])"

After step (d) is finished I can enter:

paurray:~ pauldavidmurray$ grep “insert” finalbug.net-Oct-2016-Text-Edit.txt

Which returns

grep: finalbug.net-Oct-2016-Text-Edit.txt: No such file or directory

I am pretty sure that I am missing some tiny detail which does not seem to be very obvious to me!

Kindly advise

Paul


tampe125
Akeeba Staff
You do not need to "open" the file.
After extracting it, you simply have to do inside the terminal:
grep "stringtosearch" finalbug.net-Oct-2016-Text-Edit


paurray
Thanks for bearing with me on this.

Ok so it is option (d) then :-o

First attempt with no .txt at end of file:

Last login: Wed Oct 19 12:48:58 on ttys000
paurray:~ pauldavidmurray$ grep "stringtosearch" finalbug.net-Oct-2016-Text-Edit
grep: finalbug.net-Oct-2016-Text-Edit: No such file or directory

Second Attempt with no .txt at end of file:

paurray:~ pauldavidmurray$ cd Sites/KillTheVirus-OCT2016/RawACESS
paurray:RawACESS pauldavidmurray$ grep "stringtosearch" finalbug.net-Oct-2016-Text-Edit
grep: finalbug.net-Oct-2016-Text-Edit: No such file or directory
paurray:RawACESS pauldavidmurray$

Third Attempt

First attempt WITH .txt at end of file:

Last login: Wed Oct 19 12:49:56 on ttys000
paurray:~ pauldavidmurray$ grep "insert" finalbug.net-Oct-2016-Text-Edit.txt
grep: finalbug.net-Oct-2016-Text-Edit.txt: No such file or directory
paurray:~ pauldavidmurray$

Fourth Attempt WITH .txt at end of file:

paurray:~ pauldavidmurray$ cd Sites/KillTheVirus-OCT2016/RawACESS
paurray:RawACESS pauldavidmurray$ grep "insert" finalbug.net-Oct-2016-Text-Edit.txt
paurray:RawACESS pauldavidmurray$

In the Second & Fourth attempt I try and point the Terminal at the exact file path...

This is the exact path for the file copied from the file info window from Path Finder which is like the Finder on Mac OSX:

/Users/pauldavidmurray/Sites/KillTheVirus-OCT2016/RawACESS/finalbug.net-Oct-2016-Text-Edit.txt


tampe125
Akeeba Staff
paurray:~ pauldavidmurray$ cd Sites/KillTheVirus-OCT2016/RawACESS

paurray:RawACESS pauldavidmurray$ grep "insert" finalbug.net-Oct-2016-Text-Edit.txt

paurray:RawACESS pauldavidmurray$

This is the correct syntax. For your information, if you hit TAB, the terminal will try to autocomplete the word with the file name.

As you can imagine, we have stepped away from Akeeba Backup support; this is related to how to use the command line and it's outside the scope of our support policy.
I hope you can understand.


paurray
Hi Davide

Yes I understand that walking me through how to work the terminal is beyond the scope of your support.

Here is the deal.

I can use:

paurray:~ pauldavidmurray$ cd Sites/KillTheVirus-OCT2016/RawACESS

paurray:RawACESS pauldavidmurray$ grep "insert" finalbug.net-Oct-2016-Text-Edit.txt

paurray:RawACESS pauldavidmurray$ 


result in NOTHING showing but...

paurray:~ pauldavidmurray$ cd Sites/KillTheVirus-OCT2016/RawACESS
paurray:RawACESS pauldavidmurray$ grep "error" finalbug.net-Oct-2016-Text-Edit.txt
148.251.138.39 - - [01/Oct/2016:15:01:23 +0200] "GET /groups/groups/item/4-bugfeedbackopen/albums/item/65-errors HTTP/1.0" 404 10468 "-" "Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)"
66.249.66.154 - - [02/Oct/2016:04:00:21 +0200] "GET /network-final-cut-pro-post-production-professionals/groups-learn-post-production-socially-fcpx-and-more/groups/item/4-bugfeedbackopen/albums/item/65-errors HTTP/1.0" 200 7938 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
68.180.231.35 - - [02/Oct/2016:09:18:11 +0200] "GET /network-final-cut-pro-post-production-professionals/groups-learn-post-production-socially-fcpx-and-more/groups/item/4-bugfeedbackopen/albums/item/65-errors HTTP/1.0" 200 7898 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"


and

Last login: Wed Oct 19 15:48:12 on ttys006
paurray:~ pauldavidmurray$ cd Sites/KillTheVirus-OCT2016/RawACESS
paurray:RawACESS pauldavidmurray$ grep "googlebot" finalbug.net-Oct-2016-Text-Edit
23.92.27.23 - - [14/Oct/2016:12:37:43 +0200] "GET /network/profile/42-otherguy HTTP/1.0" 307 243 "https://finalbug.net" "Googlebot/2.1 ( http://www.googlebot.com/bot.html)"
23.92.27.23 - - [14/Oct/2016:12:37:43 +0200] "GET /offline.html HTTP/1.0" 200 436 "https://finalbug.net/network/profile/42-otherguy" "Googlebot/2.1 ( http://www.googlebot.com/bot.html)"
91.200.12.14 - - [14/Oct/2016:17:44:44 +0200] "GET /wp-content/uploads/wp-cache.php HTTP/1.0" 307 243 "http://www.googlebot.com/bot.html" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


Both return results.

I can only conclude that I am now successfully searching using Grep in the Terminal but need to be searching for something else!

Is my conclusion correct and if so what should I now search for?

thanks for your patience

Paul


tampe125
Akeeba Staff
Yes, you are correctly searching.
As reported in the guide:
What to search? Look for “insert”, “update” and “replace” as these signify a SQL injection attack. If it looks like a SQL command (possibly with comments like /**/ all over the place) it's most likely a SQL injection attack.

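Added example, not part of the original ticket or of the Akeeba guide: a shell function that applies the guide's search terms ("insert", "update", "replace" and /**/ comments) to an access log without unpacking the .gz first, ignoring case and looking only inside the query string so that ordinary page names containing those words are not reported. The function names and the sample log lines are made up for illustration, and the URL decoding is deliberately limited to spaces, slashes and asterisks.

```shell
#!/usr/bin/env bash
# Added example (not from the ticket). scan_log and make_sample are hypothetical names.

# Print the log lines whose query string contains one of the words the guide
# lists, followed by something SQL-like (space, comment or parenthesis).
scan_log() {
  # gzip -dcf reads a .gz log directly and passes a plain-text log through.
  gzip -dcf "$1" | awk -F'"' '{
    split($2, part, " ")              # $2 is the request: METHOD URI PROTOCOL
    uri = tolower(part[2])            # grep is case-sensitive; normalise instead
    gsub(/%20|\+/, " ", uri)          # limited URL decoding: space, slash, star
    gsub(/%2f/, "/", uri); gsub(/%2a/, "*", uri)
    q = index(uri, "?")
    if (q == 0) next                  # no query string, nothing to inspect
    qs = substr(uri, q + 1)
    if (qs ~ /(insert|update|replace)( |\/\*|\()/ || index(qs, "/**/") > 0)
      print NR ": " $0
  }'
}

# Constructed sample log (documentation IP ranges), gzipped like a host download.
make_sample() {
  dir=$(mktemp -d)
  gzip -c > "$dir/access.log.gz" <<'EOF'
203.0.113.5 - - [17/Oct/2016:14:00:41 +0200] "GET /blog/entry/12-insert-a-clip HTTP/1.0" 200 512 "-" "ExampleBot/1.0"
198.51.100.7 - - [17/Oct/2016:14:02:10 +0200] "GET /index.php?option=com_example&id=1;UPDATE/**/example_table/**/SET/**/x=1 HTTP/1.0" 200 7938 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Oct/2016:14:02:11 +0200] "GET /index.php?id=1%20Insert%20into%20example_table HTTP/1.0" 500 310 "-" "Mozilla/5.0"
192.0.2.44 - - [17/Oct/2016:14:05:00 +0200] "GET /search?q=software+update HTTP/1.0" 200 4410 "-" "Mozilla/5.0"
EOF
  echo "$dir/access.log.gz"
}

scan_log "$(make_sample)"   # prints sample lines 2 and 3 only
```

Each hit is prefixed with its line number in the log; a hit is a request to review by hand, since a legitimate search phrase can also match.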

paurray
Ok thanks Davide again thank you

Wishing you a pleasant day

Paul


tampe125
Akeeba Staff
You're welcome!

