# HELP HELP 15,000 index.html pages hacked!



## freescottsthoughts (Jun 25, 2010)

15,000 index.html have been replaced with a black page with "ByLenis" on them. I been mass hacked. My remeady is to cp index1.html index.html in each directory.

What kind of command will go into each directory and cp index1.html to index.html?

"Each directory has it's own unique index1.html i want to cp to index.html? I know i'll have two pages that will be the same but it's my only hope.

would it be a recursive cp command or a find . -name command or both?

PLEASE I NEED HELP OR 4 MONTHS OF WORK WILL BE LOST!

What would this command be to solve the MADNESS???


----------



## DutchDaemon (Jun 25, 2010)

*Untested, at your own risk.
*
Go to the common root of all your web directories:


```
find . -type f -name index.html | sed 's|/index.html||' | while read dir; do [color="Red"]cp -p ${dir}/index.html ${dir}/index.html.deleted ; [/color]mv ${dir}/index1.html ${dir}/index.html;  done
```

You can skip the red part if you don't want a backup of the index.html you're overwriting.


----------



## freescottsthoughts (Jun 25, 2010)

hey "THANKS" you have helped me before on a situation i had and it worked. I will try this now thank you for your input and much appreciated. Trying now. HERE'S TO SAVE 4 MONTHS OF WORK!!!


----------



## freescottsthoughts (Jun 25, 2010)

(((( OMG IT WORKED!!!!   You just made my whole month!! you don't even know when i seen this i almost threw up.))))

One thing though how do i also keep the other index1.html at the same time so that i have index.html and index1.html in each directory?


----------



## freescottsthoughts (Jun 25, 2010)

looking at the above command it looks like i would change mv to cp to keep the index1.html as well.


----------



## DutchDaemon (Jun 26, 2010)

That's right. Glad it worked.


----------



## Alt (Jun 26, 2010)

Graceful solution =) That is unix power xD


----------



## SirDice (Jun 28, 2010)

One more thing, PLUG THE HOLE THEY USED TO HACK THE BOX!

If you don't, it won't be long until it's hacked again!


----------



## DutchDaemon (Jun 28, 2010)

( so keep that little script around  )


----------



## SirDice (Jun 28, 2010)

Beter yet, backup all your data and reinstall everything from scratch. There's no way to tell if they installed a backdoor or not. After the reinstall don't forget to update!


----------

