(apple)mac geek

July 27, 2010

Hacked MediaTemple sites inserting javascript malware

July 27th 2010 Posted to Geekery

One of my friend’s sites recently had some javascript hacked, which cunningly hid the contents of what it wrote to the screen so that searching through the files with normal means didn’t even show what files were affected.

So here’s a script which shows possibly hacked files. Assuming you have ssh access to your server, save it as check_for_hacked_js.sh and then chmod 755 it. To run it, type:

./check_for_hacked_js.sh

Once it’s done, check the contents of hacked.txt – and you’ll see all files which have possibly been hacked.

#!/bin/bash


# This script scearches through all files on the server for

# a certain string which writes some malware javascript to

# client browsers, and then saves the results in a file

# for inspection.
# Written by Roger Saner on 2010.07.15

grep -ri "document.write(unescape" * > hacked.txt

Comments(0)

No comments yet. Be the first.

Search for:
About

Roger Saner is a web platform developer (using drupal, of course), lives in Cape Town, loves Apples, good design and driving past big billboards when they have the nice blue screen of "Fatal exception occured." More...
Pages
- About
- MacGeek
Recent Comments
Twitter Updates
- @JohnElliscoza hmmm...so what are your own creative enemies? And how do you keep on writing songs - what's your secret sauce? 9 hours ago
- @rosslester I for one am glad to see an expression of SA creativity that is...well, unique. And satirical. #DieAntwoord 9 hours ago
- @jndub I will find you and crush you like a bug. Starting at the ^ 9 hours ago
- Sanity… is the new Crazy. http://t.co/ufoPcJg1 9 hours ago
- I need to write an Applescript that will run regex in Pages for a document-wide find and replace. This seems hopeless. Pointers? #help 9 hours ago
del.iciou.us bookmarks
My top posts
- 5 things you didn’t know about me A little about me – not as geeky as I claim! 0
- Apple boot keys The different keys you can hold down when a Mac boots up. 0
- Depressing …that I <i>have</i> to reboot my Mac about twice a month. *sigh* 0
- Extending my iBook desktop iBooks only let you “mirror” your display. Here’s how to create an extended desktop. 0
- Fluckr An individual who doesn’t reciprocate you as a friend on any social network 0
- Getting gmail through your mail program Gmail allows pop access – here’s how to set it up. 0
- Getting Telkom ADSL to work – in 7 days All the tips to install ADSL yourself, without paying Telkom to do it. You could even get it up and running in 2 days! 0
- Manually add trackbacks with the Whizbang Standalone Trackback Pinger! 0
- Resetting spotlight Mac users love spotlight. Here’s how to reset it if the spotlight database blanks itself. 0
- Resetting Windows Passwords Locked out of Windows becuase you can’t remember your password? This shows you how to log in again. 0
I've met:
Spam Blocked

233,672 spam comments

blocked by
Akismet
Archives

July 27, 2010

Hacked MediaTemple sites inserting javascript malware

No comments yet. Be the first.

Leave a reply

About

Pages

Recent Comments

Twitter Updates

del.iciou.us bookmarks

My top posts

I've met:

Spam Blocked

Archives