Linux: Remove Specific String in Text Files

Webmaster usually can get headache when their website’s static page like HTML, JS and CSS being injected with some kind of malicious code. You will see some iframe tag or source tag inside your HTML coding and some of it has caused your website being classified by Google and Firefox as ‘harmful’.

We called this as XSS attack (cross site-scripting; X means cross) which enable attackers to inject client-side script into the web pages viewed by other users. Usually it caused by permission of your web files is globally writable. You can find out more about this attack at Wikipedia, since here I just showing you some way to find and remove the injected scripts.

I am using following variables:

Infected user: user1
User’s web directory: /home/user1/public_html

1. Usually, you will received a report regards to your website has been listed as harmful or ‘Reported Attack Site’ as below:

2. Click the ‘Why was this site blocked?’ and then you will be redirected to Google Safe Browsing page. This website will tell you what malicious software has been hosted, or being injected into your code. Lets say in this case, the values is rysawek.cz.cc

Continue reading “Linux: Remove Specific String in Text Files” »