Posted By

gingerbeardman on 08/24/09


Tagged

iframe hack command Bash search replace injection line ssh safe removal malware browsing


Versions (?)

Who likes this?

1 person have marked this snippet as a favorite

gingerbeardman


commands to remove code that was added as a result of an iframe injection


 / Published in: Bash
 

Be sure to backup your data! Also be sure to secure whatever broken PHP allowed this to happen.

First command can be used to search for affected files. Second command to does search and replace on matched iframe text only.

Adjust contents of iframe to suit, here it is: statanalyze.cn

Originally from: http://wordpress.org/support/topic/281767?replies=25#post-1184090

  1. # FIND
  2. find . -type f | xargs grep -l '<iframe.*statanalyze.cn.*iframe'
  3.  
  4. # REPLACE
  5. find . -type f -exec sed -i 's/<iframe.*statanalyze.cn.*iframe>//g' {} \;

Report this snippet  

You need to login to post a comment.