One of our Joomla! sites was “hacked” with some stupid script and the fuckers put a iframe in every page :(

But with sed that was fixed in a matter of seconds:

1

find . -type f -print |xargs sed -i 's/<iframe.*iqdoza.ru.*<\/iframe>//g'

OR:

1

find . -type f -print |xargs sed -i 's/<iframe.*.ru.*<\/iframe>//g'

Searching for hacked sites:

1

egrep -lir "<iframe|hacked" /home/*/public_html/*index*

Drawback is that it doesn’t removed the inserted newline :S Because it isn’t the design of sed (wha-evah). Also it doesn’t handle files with spaces in the filename. But that’s only minor because in my case I didn’t have any php or html files with spaces in them :)