Hi, someone has added <iframe...> code to my index.php files via a "hacked" FTP account. How can I search for that text in all index.php files and change it to blank on that site? I know how to connect and go to the root of that site, but how do I find that part of the code in these files?
There are programs like "Find & Replace" that search files of a certain extension, or all files in a directory, to find that phrase and replace it with the text that you provide. If he is able to do it to more than one file, then I would presume that it's a password/username problem. Good luck.
Hi, Yeah, password change time. I suggest you start by ensuring your FTP accounts don't have access to a shell, e.g. http://howtos.linux.com/guides/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec295.shtml You can look up the "grep", "find" and "sed" commands, which should get you started on processing and editing your hacked files back to normal. If you can recover from your backup (usually the "tar" command), that might be a good idea too. You will probably have to be very sure how you were hacked and whether they left other doors open, e.g. writable directories. There are a few tutorials online on securing Linux. I hope it goes better for you. Cheers.
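
The find / grep / sed approach suggested in the last reply, as an added example that is not part of the original thread. It assumes the injected tag sits on one line and contains a string unique to it (the `MARKER` argument); the function names and the `bad.example` / `maps.example` sample content are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. MARKER is a string unique to the injected
# tag (for instance the hostname in its src); the sample values are constructed.

# list_infected DIR MARKER: index.php files under DIR that contain MARKER.
list_infected() {
    find "$1" -type f -name 'index.php' -exec grep -lF -- "$2" {} +
}

# clean_infected DIR MARKER: delete each single-line <iframe ...>...</iframe>
# whose opening tag contains MARKER. The original is kept as FILE.bak.
# Iframes without MARKER (legitimate embeds) are left alone.
clean_infected() {
    local dir=$1 marker=$2 esc f
    # Escape regex metacharacters so sed matches MARKER literally.
    esc=$(printf '%s' "$marker" | sed 's#[][\.*^$/]#\\&#g')
    list_infected "$dir" "$marker" | while IFS= read -r f; do
        cp -p -- "$f" "$f.bak"
        sed "s/<iframe[^>]*${esc}[^>]*>[^<]*<\/iframe>//g" "$f.bak" > "$f"
        printf 'cleaned: %s\n' "$f"
    done
}

# make_sample DIR: constructed tree with one injected file and one
# index.php that carries a legitimate iframe.
make_sample() {
    mkdir -p "$1/shop"
    printf '%s\n' '<?php echo "home"; ?><iframe src="http://bad.example/x" width=0 height=0></iframe>' > "$1/index.php"
    printf '%s\n' '<iframe src="https://maps.example/embed"></iframe>' > "$1/shop/index.php"
}
```

Run `list_infected` first and compare each cleaned file against its `.bak` with `diff` before deleting the backups. Tags split across lines or written in a different case are not matched by this pattern and need a manual pass.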