2

I have been consulted to help with a hacked database which has had lots of link injection in thousands of rows.

The basic format of the link injection appears to always be as follows:

<a href="http://SOME-RANDOM-LINK-HERE.com/" style="text-decoration:none;color:#676c6c">SOME RANDOM TEXT HERE</a>

Essentially I need to delete ALL A tags that contain a style attribute of text-decoration:none;color:#676c6c

I am looking for the fastest solution. Whether it be regular expressions or something else, any guidance is greatly appreciated. Thank you!

danieljkahn
  • 163
  • 6
  • 1
    Please give an example of exactly what you want to delete. – Gordon Linoff Mar 25 '16 at 00:50
  • Why not use an HTML parser and iterate over elements, removing those that are not desirable? Doing this with a regular expression usually leads to very bad outcomes. This is better done in a scripting language like PHP than in MySQL directly. – tadman Mar 25 '16 at 00:55
  • Why not simply restore from backup? You should consider the application and database compromised, restore from backup, and then patch. – Sammitch Mar 25 '16 at 00:56
  • Unfortunately there are no backups. – danieljkahn Mar 25 '16 at 00:57
  • The thing is, are there any hyperlinks in the database that are legit, or you want to remove them all? If all, then you could use REPLACE and get everything from ``. – Funk Forty Niner Mar 25 '16 at 01:00
  • Fred -ii- , yes there are legitimate hyperlinks however the ones that are spam are identified with the specific style attribute of "text-decoration:none;color:#676c6c" – danieljkahn Mar 25 '16 at 01:02

1 Answers1

2

You can look for injected links using this regex.

Regex: <a .*? style="text-decoration:none;color:#676c6c".*?>.*?<\/a>

This will look for <a></a> with style="text-decoration:none;color:#676c6c". This won't touch other links.

Regex101 Demo

You should also check this answer on how to do replace in MySql.

Community
  • 1
  • 1