Script to remove iframe injection

Iframe injections are common on unsecured web servers.

An injection usually affects all the domains hosted on the server.

Using the following script you can remove the injected iframe from your webserver.

=================
find /home \( -name "*.php" -o -name "*.html" -o -iname "*.htm" \) -exec grep -l "a5i.ru" {} \; -exec sed -i "/a5i.ru/d" {} \;
=================

The above command removes every line that contains the string "a5i.ru". It searches all .php, .html and .htm files under /home.

It's better to take the necessary backups before running the above script. (It worked fine in the test environment.)
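A more cautious variant of the command above, as an added example that is not part of the original post: it lists the lines that would be deleted, copies each affected file to a backup directory before editing it, and matches the marker as a literal string so that the dot in "a5i.ru" is not treated as a regex wildcard. The function names, the script name and the backup directory layout are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the BACKUP_DIR layout are assumptions.

# list_hits ROOT MARKER
# Dry run: print file:line:text for every line the cleanup would delete.
list_hits() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.html' -o -iname '*.htm' \) \
        -exec grep -nF -- "$2" /dev/null {} +
}

# clean_marker ROOT MARKER BACKUP_DIR
# Copy each affected file to BACKUP_DIR (must be outside ROOT), then delete
# only the lines that contain MARKER as a literal string (grep -F, no regex).
clean_marker() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.html' -o -iname '*.htm' \) \
        -exec grep -qF -- "$2" {} \; \
        -exec sh -c '
            marker=$1 backup=$2; shift 2
            for f in "$@"; do
                # No backup, no edit.
                mkdir -p "$backup/$(dirname "$f")" &&
                    cp -p "$f" "$backup/$f" || exit 1
                tmp=$(mktemp) || exit 1
                grep -vF -- "$marker" "$f" > "$tmp"
                # Status 1 only means every line matched; 2 or more is an error.
                [ "$?" -le 1 ] || { rm -f "$tmp"; exit 1; }
                # Rewrite in place so owner and mode stay as they were.
                cat "$tmp" > "$f"
                rm -f "$tmp"
                printf "cleaned %s\n" "$f"
            done' sh "$2" "$3" {} +
}

# Usage: sh clean_iframe.sh ROOT MARKER BACKUP_DIR
if [ "$#" -eq 3 ]; then
    list_hits "$1" "$2"
    clean_marker "$1" "$2" "$3"
fi
```

Read the `list_hits` output before cleaning: the whole line is deleted, so any legitimate markup that shares a line with the injected iframe is removed with it and has to be restored from the backup copy.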

The basic steps to take to prevent this type of attack in the future are:

1) Scan your server periodically and check for rootkits and vulnerabilities.

2) Update all third-party software to the latest version.

3) Make sure your FTP passwords are updated.

4) Make sure appropriate file permissions are used for every file and directory on the web server.

5) Also make sure your local machine is free from viruses and trojans.