If your blog has been infected by the HTML:Iframe-inf\u00a0 infection according to avast here are two scripts that can help you.<\/p>\n
First What is the HTML:Iframe infection? <\/strong> – Its just a line of text that is inserted at the end of every index.php and\/or index.htm in your website. Nothing to freak out about but you want to fix it. And Its probably due to wordpress not being secure.<\/p>\n Anyways, here is what you do : This is something you run on the commmand line.<\/p>\n The first step is figuring out what is going on with your virus infection.<\/p>\n If you know the time frame of when the virus ran then you could narrow the list of infected files even more by tweaking the find command.<\/p>\n Lets say you know it infected your website about 5 days ago.<\/p>\n Then you would modify the find command to search all files modified less than 10 days ago.<\/p>\n find \/ -type f -mtime -10 | xargs grep -l ‘<iframe’| xargs perl -pi -e ‘s\/^.*\\<iframe.*$\/ \/g’<\/p>\n Here is an explanation of what the script does line by line so you can adjust per your situation.<\/p>\n find \/ -type f -mtime -10 – looks all files that were modified in the last 10 days ( you adjust as needed)<\/p>\n xargs grep -l ‘<iframe’ – of that list of files modified recently look for a line that says <iframe<\/p>\n xargs perl -pi -e ‘s\/^.*\\<iframe.*$\/ \/g’ – search and replace that line with a blank space You can modify the script line by line to<\/p>\n If your blog has been infected by the HTML:Iframe-inf\u00a0 infection according to avast here are two scripts that can help you. First What is the HTML:Iframe infection? – Its just a line of text that is inserted at the end of every index.php and\/or index.htm in your website. Nothing to freak out about but you\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-177","post","type-post","status-publish","format-standard","hentry","category-referensi"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/comments?post=177"}],"version-history":[{"count":3,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/177\/revisions"}],"predecessor-version":[{"id":179,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/177\/revisions\/179"}],"wp:attachment":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/media?parent=177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/categories?post=177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/tags?post=177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}You will need to find infected files first.
\n<\/strong><\/h2>\nfind \/ -type f | xargs grep -l '<iframe'\u00a0 2>\/dev\/null\r\n\r\nor you could print out a list of files possibly comprimised. \r\n\r\nby typing \r\n\r\nfind \/ -type f | xargs grep -l '<iframe'\u00a0 2>\/dev\/null >infectedFileslist.txt<\/pre>\n
find \/ -type f -mtime -10 | xargs grep -l '<iframe'\u00a0 2>\/dev\/null >infectedFileslist.txt<\/pre>\n
Remove infected text<\/strong><\/h2>\n
<\/pre>\n","protected":false},"excerpt":{"rendered":"