Hacked Site - SSH to remove a large body of javascript from 200+ files [closed]
I have been asked to clean a hacked site on apache (php, JS, HTML) which I can do and I have implemented security features, however there is still JS injected into about 2000+ javascript files. The injected code is the same on every page and about 5500 characters long with !'' characters interspersed.
Ideally I'd like to run a SSH command that would find and remove this long code from every page it is on. All of the examples find, grep, sed etc only show it for very short strings with no special characters.
Any help appreciated.
Solution 1:
There's no point to trying to fix the server in-place. Wipe it down to bare metal and re-deploy from source control.
Once someone has gotten into your boxes, there's no way to ensure they're really gone unless you burn it all down. There's certainly no magic command that can figure it out for you.