__/ [ Ray E. ] on Friday 05 May 2006 15:02 \__
> A gaming site that runs phpnuke got hacked. They were not up to patch
> on some of the modules.
>
> The hack inserted one line of code that opens an iframe linking to a
> pay-per-view ad service. The hacker gets $.05 for every page view.
>
> Anyway, the line was added to the bottom of every index.html and
> index.php file in every directory on the server. There are over 1800
> directories affected.
>
> Does anybody know where I can get a script that will browse every
> directory and remove every line of offending code? They do have ssh
> access to the server.
>
> Thanks,
>
> -Ray
Hi,
Is there any pattern that precedes the stuff that needs to be removed?
Regardless:
Put the following file in a given directory (let us assume the top level of
your home directory):
,----[ global ]
| #!/bin/sh
| # global - execute command in all subdirectories
|
| exec 3<&0 # save standard input
| find . -type d -print | # print all directory names
| while IFS= read -r dirname
| do
| (cd "$dirname" || exit # skip the directory if it cannot be entered
| exec 0<&3 # restore standard input
| "$@" # run command
| )
| done
| exec 3<&- # close file descriptor
`----
Now run:
,----[ Command ]
| chmod 755 ~/global
`----
Create yet another file:
,----[ remove-junk ]
| #!/bin/sh
| # Remove junk
|
| find . -maxdepth 1 -type f -name '*.html' -print | # print all filenames
| while IFS= read -r filename
| do
| (
| # only overwrite the original if sed succeeded
| sed 's/[JUNK]/ /i;' "$filename" >"$filename.xxxxx" &&
| mv "$filename.xxxxx" "$filename"
| # replace original file with the filtered output
| )
| done
`----
Replace [JUNK] with what you wish to throw away and again:
,----[ Command ]
| chmod 755 ~/remove-junk
`----
Go to the parent directory of where the site or its mirror resides. Execute:
,----[ Command ]
| ~/global ~/remove-junk
`----
Notes:
* handles the .html suffix only (modify to generalise)
* ensure pattern does not match any other code which you do not wish
to have removed.
Hope it helps,
Roy
--
Roy S. Schestowitz | Useless fact: A dragonfly only lives for one day
http://Schestowitz.com | GNU/Linux ¦ PGP-Key: 0x74572E8E
3:10pm up 7 days 22:07, 13 users, load average: 0.52, 0.54, 0.60
http://iuron.com - next generation of search paradigms
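
An added example, not part of Roy's post or the original thread: a single-pass variant of the same cleanup that also covers the index.php files Ray mentions, deletes only lines exactly equal to the injected one, and keeps a copy of every file it changes. The iframe text, the `.pre-clean` suffix and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed placeholder: replace with the exact line found on the server.
INJECTED='<iframe src="http://ads.example.invalid/view"></iframe>'

# clean_tree ROOT LINE
# Deletes every line exactly equal to LINE from each index.html / index.php
# under ROOT. Files without the line are not rewritten. Each changed file
# keeps a copy of its infected state in FILE.pre-clean. Prints changed files.
clean_tree() {
    find "$1" -type f \( -name index.html -o -name index.php \) \
        -exec sh -c '
            line=$1; shift
            for f do
                # -F: fixed string, -x: whole line, so no regex surprises
                grep -qxF -e "$line" "$f" || continue
                cp -p -- "$f" "$f.pre-clean" || continue
                # Writing with > keeps owner and mode. grep exits 1 when the
                # file held nothing but the injected line, which is fine.
                grep -vxF -e "$line" "$f.pre-clean" > "$f" || [ $? -eq 1 ] ||
                    { echo "failed: $f" >&2; continue; }
                printf "%s\n" "$f"
            done' sh "$2" {} +
}

# make_sample_tree: builds a constructed test tree and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/forum/dir with space"
    printf '%s\n' '<html>home</html>' "$INJECTED" > "$t/index.html"
    printf '%s\n' '<?php echo 1; ?>' "$INJECTED" > "$t/forum/index.php"
    printf '%s\n' '<p>clean</p>' > "$t/forum/dir with space/index.html"
    printf '%s\n' "$INJECTED" > "$t/forum/other.html"   # not an index file
    printf '%s\n' "$t"
}

# Run against a real tree only when a path is given: sh clean.sh /var/www
[ $# -eq 0 ] || clean_tree "$1" "$INJECTED"
```

Once the cleaned pages are verified, move the `.pre-clean` copies out of the web root. The unpatched modules Ray mentions still have to be updated, or the line can simply be written back.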