Go Job Hunting at the LQ Job Marketplace
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 06-05-2007, 09:32 AM   #1
LQ Newbie
Registered: Jun 2007
Posts: 2

Rep: Reputation: 0
sed replace string

Hi all

I am a very novice unix user, i help managing a web hosting server and recently got infected by a worm or malware that introduced several lines in almost all index (htm, html, php, and so on) files of our domains. These string in most cases doesnt affect and doesnt appear on the webs affected but for obvious reasons we would like to clean them.
In another forum i got the following suggestion:

If in infected page attached some links and all of them is identical (i.e. it is something like:

URL(somedomain. com. index .htm)
(spaced since i cant post URls)
then you can use standard nix tools like find, grep or sed and replace this code with something neutral. just search google for "sed delete last string" "sed replace string" or something else.

I have never used this sed command and am not sure if this can help.

Plainl the question is if there would be a command to perform this cleanup and also if you can suggest a way to find the worm or malware that produced this (since clenaning manually doesnt work, because it reappears after a while).


any help would be highly appreciated.

Old 06-05-2007, 10:18 AM   #2
Registered: Jun 2005
Location: Indiana, USA
Distribution: OpenBSD, Ubuntu
Posts: 892

Rep: Reputation: 41
How about:
for x in `find /var/www/htdocs -name 'index.*'`; do
  echo "Working on file: $x"
  sed -i.bak 's|domain.tld/index.htm|mysite.tld/index.html|g' $x
This changes the text "domain.tld/index.htm" to "mysite.tld/index.html" in all files with names starting "index." located beneath /var/www/htdocs. The originals are kept in files with the same name plus a .bak extension.
Old 06-05-2007, 01:31 PM   #3
LQ Newbie
Registered: Jun 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the help!

this is working:

for file in /root/abc123a/public_html/coppermine/*
sed 's/' $file > $
mv $ $file
exit 0

Problem is the line for file... gives notice for folders, we need a recursive command to browse all the folders without identifying them separetely.
Old 06-06-2007, 12:21 AM   #4
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.7, Centos 5.10
Posts: 16,651

Rep: Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155Reputation: 2155
The 'find' cmd is recursive.
If the prob keeps re-occuring, you ned to fix that first, even if it means a re-install.
Check the Security forum for tips eg chkrootkit and rkhunter tools, also Tripwire.
You really need to make sure the systems are up to date and keep them that way.
Old 06-06-2007, 02:09 AM   #5
LQ Veteran
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 13,485

Rep: Reputation: 1347Reputation: 1347Reputation: 1347Reputation: 1347Reputation: 1347Reputation: 1347Reputation: 1347Reputation: 1347Reputation: 1347Reputation: 1347
Might as well keep all the help in Brisbane ...
Try (watch the backticks);
for file in ` find /root/abc123a/public_html/coppermine/ -iname "*" `


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem using sed to replace string in file umk Debian 12 02-01-2012 08:39 AM
How can I replace this string with another using sed? dave4545 Programming 7 01-27-2006 10:58 AM
Replace substring with SED marri Programming 2 07-09-2005 05:18 PM
[sed] replace string? chuanyung Programming 3 03-11-2004 08:42 PM
problem in perl replace command with slash (/) in search/replace string ramesh_ps1 Red Hat 4 09-10-2003 01:04 AM

All times are GMT -5. The time now is 11:44 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration