Linux - Shell script to remove hack code, Remove Malicious Script
Shell script to remove hack code
Script to remove hack code from your webpage
The below code will help you to remove the malicious script from the server. However you have to edit the script as per your need.
for i in `cat lko_list`; do sed -i.bak.hak 's/<script.*rivergathering.com.*indiasearthday.*wp.*script>//' $i; done
I do linux support for another hosting company and I know there is a problem with hsphere and has nothing to do with passwords. We have this hack all over our servers. If you guys ssh to one of your servers and do
grep -lr 'function ldkban' * and grep -lr yahoo_counter *
you'll probably find a lot of hacked accounts.
Or if you do a google search for yahoo_counter you'll find thousands of sites with the script and most of them are running on hsphere.
Here are some commands I came up with to remove the malicious scripts if you guys want to use them.
grep -lr tmp_lkojfghx * > lko_list1 for i in `cat lko_list`; do sed -i.bak.hak 's/<?php.*if(!function_exists.*tmp_lkojfghx.*tmp_lkojfghx2.*>//' $i; done
grep -lr yahoo_counter * > yahoo_list for i in `cat yahoo_list`; do sed -i.bak.hak '/<script.*Yahoo/{N;N;/counter.*script>/d;}' $i;done
You have to replace the string that has to be searched and replaced in grep coomad and in sed command in the above script.
To remove all of the .bak files do:
find . -name '*bak.hak' | xargs rm -f
then do
chown -R w3calculator:w3calculator *
and
for i in $(find . -perm 444 -type f); do chmod 644 $i; done
The script is also usually injected into databases. So you'll want to do a
search for yahoo_counter in the databases and remove those as well. I've
already removed mine.
The topic on Linux - Shell script to remove hack code is posted by - Venki
Hope you have enjoyed, Linux - Shell script to remove hack codeThanks for your time