Saturday, March 6, 2010

Fixing CPANEL hacked files

Before I switched to a VPS at I ran a CPanel server which apparently had some kind of vulnerability which managed to infect every file on the server with a malicious link to '' I found this clean up method which saved me a lot of time, so I thought I would archive the solution here.

# grep -rl * | sed 's/ /\ /g' | xargs sed -i 's/<iframe src="http:\/\/\/index.php" width=1 height=1 frameborder=0 scrolling=NO><\/iframe>//g'