Saturday, March 6, 2010

Fixing CPANEL hacked files

Before I switched to a VPS at linode.com I ran a CPanel server which apparently had some kind of vulnerability which managed to infect every file on the server with a malicious link to 'constellation.ws' I found this clean up method which saved me a lot of time, so I thought I would archive the solution here.

# grep -rl constellations.ws * | sed 's/ /\ /g' | xargs sed -i 's/<iframe src="http:\/\/www.constellations.ws\/index.php" width=1 height=1 frameborder=0 scrolling=NO><\/iframe>//g'