How to Recursively Delete Specific Files

Why did I need to recursively delete specific files, you ask? Well, recently one of my client's websites was attacked by malware. As part of the attack, the malware added several files throughout the website's file structure with a common filename or extension. I found that all the added files had a common .php5 extension. Looking through the file structure revealed a large number of files that needed removal. Some digging turned up a few Linux command-line shortcuts that speed up malware recovery or simply remove unwanted files, putting find to work to remove them with a single command.

Warning: These Commands Remove Files Permanently

Before using any of the following commands, realize that they are going to delete your files. As cool as I think they are, I have no idea what your setup looks like. So before you run any of them, make sure you have a good, complete, current backup of your data.

Delete files with specific extensions

To remove all the files with a specific file extension, the following examples will set you up. This command will search from the current directory and delete all files with a php5 extension in all subdirectories.

find . -type f -name '*.php5' -delete

Or, for clarity's sake:

find . -type f -name '*.[add your extension here]' -delete

Delete files with a specific filename

If it is a specific filename you want to delete recursively, just remove the ‘*.extension’ and replace it with the filename.

find . -type f -name '[insert filename here]' -delete

The following command will delete all files named “debug.log” recursively through the current folder.

find . -type f -name 'debug.log' -delete

Or maybe you want to delete all the access log files for nginx from 2018.

find /var/log/nginx/ -type f -name 'access.log-2018*.log' -delete

Usually these commands do what I want. But sometimes I need a command that also has a timeframe.

Delete files added within a specific timeframe

After removing all the files with a specific name or extension, I decided I needed one more step. So I hunted for a way to find all the files added within the last week. The client discovered the attack just over a week after the last update.

The following command will delete any files beneath the current directory that have been modified within the last 24 hours.

find . -type f -mtime -1 -delete

This command will delete any files beneath the current directory that have been modified within the last 48 hours.

find . -type f -mtime -2 -delete

And this command will delete any files beneath the current directory that have been modified within the last 96 hours. Each increase of the number adds another 24 hours to the window. The sign matters: -mtime -4 matches files modified less than four days ago, while -mtime +3 matches files modified at least four days ago (find drops fractional days), which on a compromised site is the original content rather than the recent additions.

find . -type f -mtime -4 -delete

Combine the two for specific files within a specific timeframe

By combining the commands above, you can delete any files ending in .log that sit beneath the current directory and have been modified within the last 96 hours.

find . -type f -mtime -4 -name '*.log' -delete
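An added example (not from the original post): it builds a throwaway tree with files of known ages and counts what each -mtime test selects, so the selection can be checked before -delete is attached. It assumes GNU find and GNU touch; the helper names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: dry-run check of find's -mtime tests on a constructed tree.
# Assumes GNU find and GNU touch (relative dates with -d).

# Build a throwaway tree whose files have known ages (constructed sample data).
make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/site/uploads"
    touch -d '2 hours ago' "$dir/site/uploads/added.php5"
    touch -d '3 days ago'  "$dir/site/uploads/recent.log"
    touch -d '10 days ago' "$dir/site/index.php"
    touch -d '10 days ago' "$dir/site/old.log"
    printf '%s\n' "$dir"
}

# count_matches DIR [find tests...]: how many regular files the tests select.
count_matches() {
    root=$1; shift
    find "$root" -type f "$@" -print | wc -l | tr -d ' '
}

# preview_then_delete DIR [find tests...]: list the matches, then delete
# that selection by re-running the same tests with -delete.
preview_then_delete() {
    root=$1; shift
    find "$root" -type f "$@" -print
    find "$root" -type f "$@" -delete
}

demo() {
    d=$(make_sandbox) || return 1
    echo "modified within 24h  (-mtime -1): $(count_matches "$d" -mtime -1)"
    echo "modified within 96h  (-mtime -4): $(count_matches "$d" -mtime -4)"
    echo "modified 96h+ ago    (-mtime +3): $(count_matches "$d" -mtime +3)"
    echo "recent .log files only:           $(count_matches "$d" -mtime -4 -name '*.log')"
    echo "previewing, then deleting *.php5:"
    preview_then_delete "$d" -name '*.php5'
    echo "files left: $(count_matches "$d")"
    rm -rf "$d"
}

demo
```

On a real site, run the -print form on its own and read the list before re-running the same tests with -delete.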

Those commands saved me a ton of time, and got my client back up and running. Hopefully they can do the same for you.

Here are some of the resources that I used when researching this topic:
