Help with Find/Replace Javascript Injected Strings in mulitple files
Hi, guys, I'm not a high-end programmer, but I've been trying to write a script to remove all of the b.rtbn2.cn (and b.adserv.cn and any future variation) injected script tags on the server. (Still working on security fixes to prevent it in the future, just need to clean up now.)
My approach is 2 parted. First, make a file listing all of the filenames of infected files. Second, feed that file to a find/replace script. I want this to be a script file I can just run in the future with no modifications.
In March I figured out how to make a file listing all of the infected files and it worked fine, but when I ran it again this month after another malicious script injection, it's only finding the infected files in some of the directories instead of all of them. (If I change the directory to search a specific directory in /home/infecteddirectory then it finds it, but if I run it to search /home it doesn't find any in the above directory at all and I don't understand why. (It found some of the files in sub directories, but not in other sub directories.)
First part: Find all infected files in /home. The first one is the original line from March (worked then but not now) and the second on is the one modified to hopefully find all variations in May:
Either one seems to be finding /home/infecteddirectory1 but then skipping /home/infecteddirectory2. Not sure why it's not listing all files in all subdirectories that are infected, please let me know if you see any scripting errors in the above code. It's like it's only doing a partial recursive and randomly stopping in the middle and saying it's done.
Second Part: I need help getting the sed/while do part to work. It currently doesn't work, but I can't quite figure out why. This first version is only looking for b.rtbn2.cn and not the any variety of b.something.cn. I wanted to get this working and then try to add the variable part, but I'm lost. I would like it just to leave the <script></script> part and take out the src="http://b.rtbn2.cn" part. (I found out if you leave the script tags in then the hacking program doesn't put them back in if it hits again.
Code:
cat infected_files_may2009|while read line ; do sed -i"s#<script src='http:\/\/b\.rtbn2\.cn\/E\/J\.JS'>##g" $line ;
Any help getting this to work would be greatly appreciated. I did search the boards, but didn't find an example close enough for me to follow.
Hi Everyone,
I want to find this 2 strings in a single line a file and replace the second string.
this is the line i need to find
<param name="user" value="CORE_BI"/>
find user and CORE_BI and replace only CORE_BI with admin
so finally the line should look like this.
<param... (5 Replies)
I am looking for a sed in which I can recognize all of the text in between two indicators and then replace it with a place holder.
For instance, the 1st indicator is a list of words "no|noone|havent" and the 2nd indicator is a list of punctuation ".|,|!".From a sentence such as
"noone... (3 Replies)
Hi,
following Perl code i used for finding multiple strings and replace with single string.
code:
#!/usr/bin/perl
my @files = <*.txt>;
foreach $fileName (@files) {
print "$fileName\n";
my $searchStr = ',rdata\)' | ',,rdata\)' | ', ,rdata\)';
my $replaceStr =... (2 Replies)
I have a virtual pdf printer set up on my server which produces files with the following prefix:
smbprn_00000044_Microsoft_Word_-_OriginalFilename.pdfthe number in the center of the file increase by one for each new file.
I want to remove all the charaters infront of OriginalFilename.pdf using... (14 Replies)
Hello all,
I am trying to make a script that will apply a substitution to any number of files given on the command line.
Example would be
~/Unix/script/subst car boat myFile1.txt myFile2.txt myFile3.txt
This is the code I have so far but it does not function as needed.
PAT=$1
shift... (10 Replies)
Hi There...
I need to serach and replace strngs in a text file.
My file has;
books.amazon='Let me read'
news.bestseller='xyz'
expected output is
books.amazon=NONFOUND
news.bestseller=NONFOUND
Can I first find the text between string1= books.amazon=' and string2= ' (locate the text... (1 Reply)
Hi All,
Iam new to unix, I need to find string and replace it in the file name. Like
text_123_0.txt,text_123_1.txt,text_123_2.txt. I need to search 123 and replace it with 234 . Is there any unix command to replace them in single command since i have 5 directories. So i need to go each and every... (0 Replies)
Friends,
I have a file with contents like:
interface Serial0/4/0/0/1/1/1/1:0
encapsulation mfr
multilink
group 101
interface Serial0/4/0/0/1/1/1/2:0
encapsulation ppp
multilink
group 101
I just have to repace mfr with ppp and ppp with mfr in a single shot.
I tried using... (4 Replies)
Hi all,
I have mistkanely gzipped twice an entire folder and sub folders, and also renamed the files during that process.
I am trying to undo this, and I need help to create the batch to work on it.
All folders are under my images directory, I have a output.txt file that holds all the... (1 Reply)
experts,
i am using solaris 9. there are serveral *.log files in a directory "/var/alllogs/". Among the files one or several files contain the string "0198634873".
I want do-
cat *.log | grep "0198634873"; And want to see which Files(file_name) contain that string. Plus output will go to a... (3 Replies)
