Some stupid monkeys wasted their and my time infecting one of our websites. Now, it seems that the website has been compromised via ftp and a whole bunch of files have been infected. Having changed the ftp credentials, my idea now was to run find and sed to get rid of the code:
find . -type f -exec sed -i 's/term-to-search-for//g' {} \;
Now I need some help with the regex. The script starts with <script>
then there is some JS-code, then there's always a variable called egbserb
(which is never used elsewhere) and there's the closing tag (</script>
).
Two questions:
script*egbserb*script
(keep it stupid simple), but it didn't work out.Thanks a lot in advance!
Following should help you. (Assumption: I am working on test_regex file)
sed -r -i "s/.*ebgserb.*//g" test_regex
sed -r -i "s/.*split\(\"\&\&\"\).*//g" test_regex