Recovering from iFrame Injection Hack
If you ever detect signs of an iFrame injection attack on your website, follow these steps to try to undo the damage:
Make sure to back up your data before you proceed with these steps.
- Search for affected files in your web directory using this command:
find . -type f | xargs grep -l '<iframe.*malware.com.*iframe'
- Remove the injected iframe from the affected files using this command:
find . -type f -exec sed -i 's/<iframe.*malware.com.*iframe>//g' {} \;
Replace malware.com with the real name of the offending website.
Note that the commands above will not work if filenames contain blanks. Use these commands instead:
find . -type f -print0 | xargs -0 grep -l '<iframe.*malware.com.*iframe'
find . -type f -exec sed -i 's/<iframe.*malware.com.*iframe>//g' "{}" \;
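A more conservative version of the same cleanup, as an added example that is not part of the original page: it keeps a .bak copy of every file it changes, copes with blanks in filenames, and removes only the iframe element that references the domain, where the `.*` pattern above deletes everything between the first `<iframe` and the last `iframe>` on a line. The function name clean_iframes and the sample files are made up for the illustration, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU sed (-i.bak).
# clean_iframes is a hypothetical helper name; malware.com is the page's
# placeholder for the offending domain.

# clean_iframes ROOT DOMAIN
# Removes iframe elements that reference DOMAIN from files under ROOT,
# leaves FILE.bak beside every changed file, and prints each changed path.
clean_iframes() (
    root=$1
    # Escape dots so "malware.com" cannot also match e.g. "malwareXcom".
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    # [^>]* and [^<]* cannot cross a tag boundary, so the match stops at the
    # first </iframe> and other markup on the same line is left alone.
    pattern="<iframe[^>]*${esc}[^>]*>[^<]*</iframe>"
    # -exec ... {} + hands paths over as arguments, so blanks are safe.
    find "$root" -type f ! -name '*.bak' -exec sh -c '
        pattern=$1; shift
        for f in "$@"; do
            if grep -q -e "$pattern" "$f"; then
                sed -i.bak "s#${pattern}##g" "$f" && printf "%s\n" "$f"
            fi
        done
    ' sh "$pattern" {} +
)

# Constructed sample tree: one infected file with a blank in its name and a
# legitimate iframe on the same line, plus one clean file.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/my site"
printf '%s\n' '<p>hi</p><iframe src="http://malware.com/x" width="0"></iframe><iframe src="https://example.org/map"></iframe>' \
    > "$demo_dir/my site/index page.html"
printf '%s\n' '<p>clean</p>' > "$demo_dir/about.html"

clean_iframes "$demo_dir" malware.com
cat "$demo_dir/my site/index page.html"
rm -rf "$demo_dir"
```

Compare each changed file with its .bak copy before deleting the backups, since an injected iframe that spans several lines or contains nested markup will not match this pattern.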