Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 08-19-2009, 11:56 PM   #1
LQ Newbie
Registered: Aug 2009
Posts: 4

Rep: Reputation: 0
Iframe issues

hello everyone

i am suffing form ifame on my linux box and i wonder if there any find and replace command or bash script to replace the whole following code

<iframe src="" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
to none

Old 08-20-2009, 12:00 AM   #2
LQ Guru
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
Is this an HTML file you want to edit, or do you want to block an IFrame so it doesn't appear in your browser?

Please advise, and if it's the latter, a browser issue, what browser are you using? If it's Firefox or Opera, try AdBlockPlus.
If it's a file you wish to edit, sed should be able to handle it.

Old 08-20-2009, 12:56 AM   #3
Registered: May 2001
Posts: 149

Rep: Reputation: 17
Are you text browsing? You may want to look at elinks... it deals with IFRAMES a bit better than lynx if that's the situation.
Old 08-20-2009, 04:04 AM   #4
LQ Newbie
Registered: Aug 2009
Posts: 4

Original Poster
Rep: Reputation: 0

thanks all for help , this is a malicious or virus hits all the indexes files on server sites

i want to know if there a bash script find and replace it with null or none or remove it from the indexes , because the indexes got infected with this code

for example

i have a command that can find and replace words only , but this code have a symbols like
:// - ;
the command is

find . -type f | xargs perl -pi~ -e 's/oldtext/newtext/g;'
Old 08-20-2009, 05:24 AM   #5
Registered: May 2001
Posts: 29,359
Blog Entries: 55

Rep: Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546Reputation: 3546
You'll want to make a backup before starting. Either archive files in a tarball
tar -vcf /tmp/backup_`date +%Y%m%d`.tar `find /path/to/dir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc`
or copy the files to a backup path
find /path/to/wwwdir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc | cpio -pdlma /path/to/backupdir
then if you made your backup you can strip tags in place using sed and read back the "/tmp/sed.log" to see what changed (top of my head):
find /path/to/wwwdir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc | while read FILE; do
 sed -i "s|<iframe.src"=.*"></iframe>||g" "${FILE}" 2>&1 && echo "Stripped "${FILE}""
done | tee /tmp/sed.log
or if you copied files to a backup path you could 'diff' then on the fly to check what changed:
find /path/to/wwwdir -type f -iname \*.htm\* -o -iname \*.php\* -o iname \*.inc | while read FILE; do
 sed -i "s|<iframe.src"=.*"></iframe>||g" "${FILE}" 2>&1 && echo "Stripped "${FILE}""
 diff urN /path/to/backupdir/"${FILE}" "${FILE}" 2>&1
done | tee /tmp/sed.log
and also find those changes listed in the "/tmp/sed.log". As always YMMV(VM).

Also note this only addresses the symptoms and not the cause of the infection, as in an infected mcrsft editing host or running vulnerable PHP-based software or host compromise. Leaving it at changing files will seem carefree and easy but you'll find the "infection" will also spread again and as easy.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
iframe attack on my host Bono Linux - Security 7 08-11-2009 01:46 AM
Squid+iFrame Virus ajayan Linux - Newbie 1 08-03-2009 03:08 AM
A virus changed all my index files with iframe, how to remove that iframe line? Farman Linux - Security 10 07-16-2009 08:40 AM
force iframe content to remain in iframe? frieza Programming 1 09-17-2008 06:29 AM
iframe woes ScottReed Programming 0 07-26-2007 11:04 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:53 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration