fixing a hacked site

October 23rd, 2009 | Linux, PHP

One of our Joomla! sites was “hacked” with some stupid script and the fuckers put a iframe in every page

But with sed that was fixed in a matter of seconds:

find . -type f -print |xargs sed -i 's/&lt;iframe.*iqdoza.ru.*&lt;\/iframe&gt;//g'

OR:

find . -type f -print |xargs sed -i 's/&lt;iframe.*.ru.*&lt;\/iframe&gt;//g'

Searching for hacked sites:

egrep -lir "&lt;iframe|hacked" /home/*/public_html/*index*

Drawback is that it doesn’t removed the inserted newline :S Because it isn’t the design of sed (wha-evah).
Also it doesn’t handle files with spaces in the filename. But that’s only minor because in my case I didn’t have any php or html files with spaces in them

0 comments ↓

There are no comments yet...Kick things off by filling out the form below.

Draft posts

Ivman, backing up, gutsy

Creating a jruby .deb

gnome-do-plugins

Webby: short tutorial

Python & Ruby (what I like and dislike)

Installing Flash Media Server

opensuse 11.0 (vs. ubuntu 8.04?)

Cisco vpn client for linux (Ubuntu Hardy 64 bit)

More bugs in ubuntu

Olie directmeter

last.fm radiostation clients

Streaming to an icecast server

xbmc stuff

Installing roundcube 0.3.1 on Ubuntu Hardy 8.04

Making vpn connection to Microsoft (pptp) under Ubuntu

Installing php's uploadprogress

PHP sessions expiring too quick

Synology & Active directory directory service

fixing a hacked site

0 comments ↓

Leave a Comment

Search

Draft posts

Archives