One of my clients' sites has been hacked, and there is iframe injection in every file. However, the iframe injection is always after the closing </html> tag.

Is there an easy way using Bash to remove everything after the </html> tag using something like sed?

E.g.:

</html>
p
<nofollow><iframe src="http://xxxxx.com/local.html" width="0" height="0" frameborder="0"></iframe></nofollow>
p
<nofollow><iframe src="http://xxxxx.com/local.html" width="0" height="0" frameborder="0"></iframe></nofollow>

Just quit when you hit the line:

sed -i '/<\/html>/q' file

This is what you are looking for:

 sed -i '/<\/html>/,$d;$a <\/html>' yourfile

Updated to delete lines until the end of the file