It is currently Mon May 21, 2018 12:53 pm

exclude hacker's code from all files

All times are UTC - 6 hours

Post new topic Reply to topic  [ 3 posts ] 
Author Message
 PostPosted: Wed May 04, 2011 6:20 pm   

Joined: Mon Nov 08, 2010 10:39 am
Posts: 17

I need your help urgently as the server has been hacked and I do not have any time to learn of how to remove the hacker's code from all files.
I have attached the code which was added to all files. There are many special characters in this code and it's quite large. It was added in the files sometimes twice.

I do not know sed well to solve this issue with it. How to exclude this piece of code from all files? Using sed, diff/patch or other techniques?

I will appreciate any help. Thanks.

You do not have the required permissions to view the files attached to this post.

 PostPosted: Wed May 04, 2011 10:31 pm   
User avatar

Joined: Sun Jun 27, 2010 12:57 am
Posts: 192
Step 1: Do not say: 'THE server has been hacked'. it was your server, not the one that we are all reading now.
Step 2: Find out how it was hacked. Just removing any unwanted code is nice, but if you don't plug the hole, the hacker can just redo whatever he did again, and again, and again.....
Step 3: The code you've attached is javascript. This is a bash scripting site. The two are completely different.
Step 4: As far as I understand the javascript, it looks to do nothing more than randomly change the colors of things. Annoying, but hardly a great hack.
Step 5: All you need to do to stop the blinky colors is remove one line that starts the mess, near the bottom: try_pick_colors(); You could do that with a simple: sed -i "/^ *try_pick_colors();$/d" *.html or something similar.

 PostPosted: Wed May 04, 2011 10:44 pm   

Joined: Mon Nov 08, 2010 10:39 am
Posts: 17

Thank you for your advice. My English is not very good and I honestly did not want to misuse 'the server' word. I should have explained myself better. I was trying to use sed to replace all unwanted javascript code. You do not need to know this language, it's just a bunch of characters for sed to parse.
I have used
sed -i '/<?php global $ob_starting;/,/@ob_start("ob_start_flush");/d' cleanme.php
to fix the issue. Thank you for your great advice again.

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 6 hours

Who is online

Users browsing this forum: No registered users and 6 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  

BashScripts | Promote Your Page Too
Powered by phpBB © 2011 phpBB Group