1

I often have problems with sites that get hacked. Usually they end up with an inserted script in different files. Is there a way, on Linux, to search for this content and automatically delete it? Usually this content starts with, and ends with, something like this.

<!--2d3965--><script type="text/javascript" language="javascript"> </script><!--/2d3965--> 

Would it be possible to use some kind of combination of grep to search for files containing this content and then piping it to sed to delete everything from

to

2 Answers

2

I wrote such a script; it could be useful.

```python
#!/usr/bin/env python
import os
import sys

# Markers that delimit the injected block
BEGIN = '<!--2d3965-->'
END = '<!--/2d3965-->'

for infile in sys.argv[1:]:
    print(infile)
    filetmp = infile + '.tmp'
    skip = False
    # Close both files before the rename so the cleaned copy is fully written
    with open(infile, 'r') as f, open(filetmp, 'w') as ftmp:
        for line in f:
            if BEGIN in line:
                # keep whatever precedes the begin marker
                ftmp.write(line.partition(BEGIN)[0])
                skip = True
            if END in line:
                # keep whatever follows the end marker
                ftmp.write(line.partition(END)[2])
                skip = False
            else:
                if not skip:
                    ftmp.write(line)
    # you can add save restrictions here
    os.rename(filetmp, infile)
```

You should give:

  1. filename with virus
  2. string, which marks virus begin string
  3. string, which marks virus end

Don't forget to change permissions back, if the file requires it. By the way, I think it's applicable only to text files.

Please test it, and backup before using.

Use it in this way:

python cleaner.py index.html js/jquery.js 
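
A more general take on the script above, as an added example that is not part of the original answer: it matches any pair of comments sharing a six-hex-digit id (an assumption based on the sample in the question), walks a directory tree, and rewrites files only when a backup directory is given. The names `strip_injected`, `clean_file`, `scan_tree` and the suffix list are hypothetical.

```python
import os
import re
import shutil

# Assumption: every injected block looks like the one in the question, a pair
# of HTML comments carrying the same six-hex-digit id around the payload.
BLOCK = re.compile(rb'<!--([0-9a-f]{6})-->.*?<!--/\1-->', re.DOTALL)
OPEN = re.compile(rb'<!--([0-9a-f]{6})-->')
SUFFIXES = ('.html', '.htm', '.php', '.js')  # assumed; adjust per site


def strip_injected(data):
    """Return (cleaned bytes, ids removed, ids opened but never closed)."""
    removed = [m.group(1).decode() for m in BLOCK.finditer(data)]
    cleaned = BLOCK.sub(b'', data)
    # An opening marker left behind has no matching close: report it
    # instead of guessing how much of the file to delete.
    dangling = [m.group(1).decode() for m in OPEN.finditer(cleaned)]
    return cleaned, removed, dangling


def clean_file(path, backup_dir=None):
    """Report on one file; rewrite it only when backup_dir is given."""
    with open(path, 'rb') as fh:
        data = fh.read()
    cleaned, removed, dangling = strip_injected(data)
    if removed and backup_dir:
        # Keep the infected copy outside the web root as evidence.
        flat = os.path.abspath(path).strip(os.sep).replace(os.sep, '__')
        shutil.copy2(path, os.path.join(backup_dir, flat))
        # Overwrite in place so owner and permissions stay as they were.
        with open(path, 'wb') as out:
            out.write(cleaned)
    return removed, dangling


def scan_tree(root, backup_dir=None):
    """Walk root and return {path: (removed ids, dangling ids)} for hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks so a link cannot redirect the rewrite elsewhere.
            if name.endswith(SUFFIXES) and not os.path.islink(path):
                removed, dangling = clean_file(path, backup_dir)
                if removed or dangling:
                    report[path] = (removed, dangling)
    return report
```

Call `scan_tree(webroot)` first to review the report, then `scan_tree(webroot, backup_dir)` to clean. Removing the block does not close the hole that let it in, so the files still need checking against a known-good copy.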
1

I would add these files into Subversion or Git and automatically compare the official version of these files with the files on the sites on a regular basis. If you see a difference, you know you have been hacked and can search for the leak. Meanwhile, you can then restore the original file from the versioning tool.

  • Unfortunately I don't think this would work since I have a web hosting server with a lot of users. I would need to add all client websites to git for this to work + users usually change their files too. :( Commented Sep 10, 2013 at 9:40
  • Then how do you know what's legitimate and what's not? Could your clients add the correct files into git? An advantage for them would be that they could also roll back if something bad happens. Commented Sep 10, 2013 at 9:46
