Linux - Shell script to remove hack code, Remove Malicious Script

Shell script to remove hack code

Script to remove hack code from your webpage

The below code will help you to remove the malicious script from the server. However you have to edit the script as per your need.

for i in `cat lko_list`; do sed -i.bak.hak
's/<script.**indiasearthday.*wp.*script>//' $i; done

I do linux support for another hosting company and I know there is a problem with hsphere and has nothing to do with passwords. We have this hack all over our servers. If you guys ssh to one of your servers and do

grep -lr 'function ldkban' *  and grep -lr yahoo_counter *

you'll probably find a lot of hacked accounts.

Or if you do a google search for yahoo_counter you'll find thousands of sites with the script and most of them are running on hsphere.

Here are some commands I came up with to remove the malicious scripts if you guys want to use them.

grep -lr tmp_lkojfghx * > lko_list1

for i in `cat lko_list`; do sed -i.bak.hak
's/<?php.*if(!function_exists.*tmp_lkojfghx.*tmp_lkojfghx2.*>//' $i; done

grep -lr yahoo_counter * > yahoo_list

for i in `cat yahoo_list`; do sed -i.bak.hak
'/<script.*Yahoo/{N;N;/counter.*script>/d;}' $i;done

You have to replace the string that has to be searched and replaced in grep coomad and in sed command in the above script.

To remove all of the .bak files do:
find . -name '*bak.hak' | xargs rm -f

then do

chown -R w3calculator:w3calculator *


for i in $(find . -perm 444 -type f); do chmod 644 $i; done

The script is also usually injected into databases. So you'll want to do a
search for yahoo_counter in the databases and remove those as well. I've
already removed mine.

The topic on Linux - Shell script to remove hack code is posted by - Venki

Hope you have enjoyed, Linux - Shell script to remove hack codeThanks for your time

Tech Bluff