Web Analytics Made Easy -
StatCounter Remove Malicious Javascript Code From Website - CodingForum

Announcement

Collapse
No announcement yet.

Remove Malicious Javascript Code From Website

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remove Malicious Javascript Code From Website

    Malicious Javascript code has been inserted into the html pages on one of my huge websites. It is an encrypted string that calls stuff that comes from a .js file on another server.

    I want to use perl regex to remove the javascript code. I usually do regex per line, but in this case it is spread over several lines alongside other code. Since the code begins with an opening javascript tag:
    Code:
    <script language=javascript>
    And ends with the closing javascript tag:
    Code:
    </script>
    I'm thinking that there's probably a way to remove just the javascript code from multiple lines. There is no other javascript in the html pages.

    I would prefer that the script goes through all directories and subdirectories in one pass, but I'm not prepared to think that hard today. If I could just learn the regex, I will just do one dir or subdir at a time, and check it.

    Thanks anyone!

  • #2
    Here's one method. Load the entire file into a scalar and apply this regex
    Code:
    s~<script language=javascript>.+?</script>~~sg

    Comment


    • #3
      Are you on a shared server? do you know how the code has been inserted? even if you get the regex to work (and because it's from FishMonger I suspect you will ) you should try to plug that opening.

      bazz
      "The day you stop learning is the day you become obsolete"! - my late Dad.

      Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
      Useful MySQL resource
      Useful MySQL link

      Comment


      • #4
        Originally posted by FishMonger View Post
        Here's one method. Load the entire file into a scalar and apply this regex
        Code:
        s~<script language=javascript>.+?</script>~~sg
        I loaded the file into a scalar. I even tested it by printing it to browser, but I couldn't get your regex to work. I'm sure it works, I'm just not smart enough to use it.

        I finally just used a foreach line regex along with the File:irWalk module, and successfully automated the task to about 5 seconds.

        Thanks for your response.

        Comment


        • #5
          Happend to me too on the ipowerweb servers (shared) a while back. No idea how but I removed the js code by hand, took a while to find all the pages, still hasn't returned.

          Comment


          • #6
            Originally posted by KevinADC View Post
            Happend to me too on the ipowerweb servers (shared) a while back. No idea how but I removed the js code by hand, took a while to find all the pages, still hasn't returned.
            It actually happened on a clients website. It was a shared account. Unix reported a warning awhile back in PureFTP for that account, and I thought it was just another auto update. I checked out the website, and couldn't find anything wrong, so I restarted the FTP server. Guess I should have investigated further. Hard lesson learned I guess.

            Comment

            Working...
            X