IFrame Injection Hack – Recovery

If you’ve noticed traces of an iframe injection attack on your website, you can use the following steps to try to reverse the damage.

Back up your data prior to beginning this procedure.

Use the following command to search for affected files in your web directory.

find . -type f | xargs grep -l '<iframe.*malware.com.*iframe'

Next, use the following command to search for the matched iframe text and remove only that text.

find . -type f -exec sed -i 's/<iframe.*malware.com.*iframe>//g' {} \;

Replace malware.com with the actual name of the offending website.

The commands above will not work if any filenames contain blanks. To fix this, use the following commands:

find . -type f -print0 | xargs -0 grep -l '<iframe.*malware.com.*iframe'
find . -type f -exec sed -i 's/<iframe.*malware.com.*iframe>//g' "{}" \;
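
The two steps above combined into one function, as an added example that is not part of the original article. It tightens the pattern so that only the single iframe element naming the offending domain is removed (the `.*` in the commands above can also delete legitimate markup that shares the line), and it keeps a copy of every file it changes. The function name clean_iframes and the .infected backup suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# clean_iframes DIR DOMAIN -> prints the number of files that were modified.
# The function name and the ".infected" backup suffix are assumptions.
clean_iframes() {
    dir=$1
    domain=$2
    # Escape dots so "malware.com" does not also match "malwareXcom".
    esc=$(printf '%s' "$domain" | sed 's/\./\\./g')
    # Match one iframe element only: [^>]* and [^<]* cannot run past the
    # tag boundaries, so other markup on the same line is left alone.
    pat="<iframe[^>]*${esc}[^>]*>[^<]*</iframe>"
    list=$(mktemp) || return 1
    # NUL-separated names survive blanks in filenames. Backups from an
    # earlier run are skipped. grep exits 1 when nothing matches, so the
    # pipeline status is ignored and the list is simply left empty.
    find "$dir" -type f ! -name '*.infected' -print0 |
        xargs -0 grep -l --null -e "$pat" > "$list" || true
    # Each listed name ends in one NUL byte, so counting NULs counts files.
    count=$(tr -cd '\0' < "$list" | wc -c | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        # -i.infected keeps the untouched original beside each cleaned file.
        xargs -0 sed -i.infected "s#${pat}##g" < "$list"
    fi
    rm -f "$list"
    echo "$count"
}

# Run directly as: sh clean_iframes.sh /path/to/webroot malware.com
if [ "$#" -eq 2 ]; then
    clean_iframes "$1" "$2"
fi
```

Compare each cleaned file with its .infected copy before deleting the backups, and keep the backups out of the served web directory afterwards.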
