Web Analytics Made Easy -
StatCounter Mass find and replace script - CodingForum


No announcement yet.

Mass find and replace script

  • Filter
  • Time
  • Show
Clear All
new posts

  • Mass find and replace script

    Does anyone know of a PHP script or other scripting method which can be used as a mass find and replace? My site was recently hacked and a simple iframe code was added to about three thousand documents on the server. I’m looking for a script or something that can be executed on the server which will do a mass find and replace (find iframe code, replace with nothing). Other than that, I’m not sure what I’ll be able to do with my site!

    (Also, I’m aware of programs that act like text-editors and can do this, but I need something that functions on the server, rather than locally.)

    Hope someone can be of assistance!


  • #2
    I'd make sure you've got a backup, and this will only work if it's a *nix server, but using the sed command is one option:

    find * -exec sed -i 's/<iframe text here>//' {} \;

    'find *' simply finds all files from the current location downwards (so run the command from your web-root)
    -exec is an option to find that tells it to do something to each file it finds
    in this case, we want to run sed on it
    -i tells sed to edit the file itself, otherwise it will create a copy (I think)
    the 's/a/b/' syntax tells sed that all occurences of 'a' should be replaced with 'b'. The iframe text you want replaced is your 'a', and nothing (hence the //) is your 'b'. 'a' can either be literal text, or a regular expression.
    the {} is the placeholder for the filename the -exec is happening on, and the \; is the end of the exec command.

    Again, make a backup before attempting this, due to the likelhihood of your iframe-text containing 'special' characters, a regular expression might actually be easier to use than the literal text.
    My thoughts on some things: http://codemeetsmusic.com
    And my scrapbook of cool things: http://gjones.tumblr.com


    • #3
      Thanks so much for the response! And I'm sorry to display my coding ignorance, but would I just save that code (with the <iframe text in here> replaced with the actual iframe text) as a PHP document in the root of the server ie. massremoval.php, and then go to the page in the browser to excecute it?

      Sorry again for my ignorance, i'm just trying to undo this stupid hacking!

      Also, the only documents affected were php docs. Do I somehow need to express (in the brackets, perhaps?) that it is to only search in php docs? It doesn't really matter, it can run over the whole server, but it would be cleaner to tell it to limit the replace to PHP.

      Finally, if I tell it to remove <iframe height=1 width=1 src="spyware1-1-1.biz></iframe>, will it just remove that code, or everything that has the word iframe in it. I'd only want it to remove it if it found that EXACT string of code.
      Last edited by Andy14; Oct 7, 2006, 08:31 AM.


      • #4
        that's not PHP code, it is to be run from a command-line and won't work from a web-script unless the webuser has write-access to all the source files (not a particularly sensible thing to have...)
        to make it only operate on php files, change the 'find *' to 'fine -name "*.php"'

        the find/replace will be an exact match, it won't replace all occurences of 'iframe' based on what you posted.
        My thoughts on some things: http://codemeetsmusic.com
        And my scrapbook of cool things: http://gjones.tumblr.com


        • #5
          Awesome, so this is the code I would run from the command line?

          find -name "*.php" -exec sed -i 's/<iframe width="1" height="1" src="http://1109226593/kav/index2.php" style="border: 0;"></iframe>//' {} \;
          Thanks again for all your help!


          • #6
            the /s within the pattern to match will need to be edited to be \/ (as otherwise, sed will think it's the end of the match)
            My thoughts on some things: http://codemeetsmusic.com
            And my scrapbook of cool things: http://gjones.tumblr.com


            • #7
              is this an IPB forum? if so, have you checked your Wrapper for that iframe code? i've had this happen to me many times on an IPB board. i actually got so fed up with it i added a code to the wrapper change script to strip <iframe>s and also if the user (we have 6 admin-enabled accounts) is not ME, it will tell them to go away and log them out.


              • #8
                how to run command line scripts?
                i used putty to login ssh and tried this code but it is not working.i have to edit multi line code on my whole server. any body help me?