vanutsteen.nl => nerds only A blog on rails, php, computing, my bass guitar and stuff

fixing a hacked site

on in Linux, PHP

One of our Joomla! sites was “hacked” with some stupid script and the fuckers put a iframe in every page :(

But with sed that was fixed in a matter of seconds:

1
find . -type f -print |xargs sed -i 's/<iframe.*iqdoza.ru.*<\/iframe>//g'

OR:

1
find . -type f -print |xargs sed -i 's/<iframe.*.ru.*<\/iframe>//g'

Searching for hacked sites:

1
egrep -lir "<iframe|hacked" /home/*/public_html/*index*

Drawback is that it doesn’t removed the inserted newline :S Because it isn’t the design of sed (wha-evah). Also it doesn’t handle files with spaces in the filename. But that’s only minor because in my case I didn’t have any php or html files with spaces in them :)

script-kiddie

Comments