Have a Question?

If you have any question you can ask below or enter what you are looking for!

Recovering from iFrame Injection Hack

If you ever detect signs of iFrame injection attack on your website, follow these steps to try to undo the damage:

Make sure to backup your data before you proceed with these steps.

  • Search for affected files in your web directory using this command:
  • find . -type f | xargs grep -l '<iframe.*malware.com.*iframe'
  • Use this command to find and replace only on matched iframe text:
  • find . -type f -exec sed -i 's/<iframe.*malware.com.*iframe>//g' {} ;

Replace malware.com with the real name of the offending website.

Note that the above-mentioned commands will not work if the filenames contain blanks in their names. Use these commands to fix this issue:

find . -type f -print0 | xargs -0 grep -l '<iframe.*malware.com.*iframe'
find . -type f -exec sed -i 's/<iframe.*malware.com.*iframe>//g' "{}" ;

Leave a Reply

You must be logged in to post a comment.