Announcement

Collapse
No announcement yet.

ifram injection

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ifram injection

    Hi

    Just had a ifram injection removed from my website.
    Can anyone tell me how it could have got there and what I can do to make sure it does not happen again?

    Thanks

    Colin

  • #2
    Hello Colin,

    Please provide us with the exact domain name which was iframe injected so as to find the exact cause of it. Generally, iframe injections occurs through FTP service.
    Regards,
    Victor Pankhurst,
    Support Team.

    Comment


    • #3
      Site is mrfuzzy.co.uk

      Thanks

      Colin

      Comment


      • #4
        Hello,

        Its seems that the index files were downloaded via FTP injected with malicious code and uploaded again.
        I would request you to email us at [email protected], I will provide you with complete logs.

        Regards,
        Nick J.

        Comment


        • #5
          Hi

          Looks like it came from my web guy.

          All back to normal now.

          Thanks for your help

          Colin

          Comment


          • #6
            Originally posted by colin View Post
            Hi

            Looks like it came from my web guy.

            All back to normal now.

            Thanks for your help

            Colin
            Tell him not to visit those xxx websites.
            eUKhost - eNlight Cloud Hosting || eUKhost Knowledgebase
            Toll Free : 0808 262 0255 || Skype : mark_ducadi

            Comment


            • #7
              Often times hackers leave backdoors on websites. They know that the first thing you're going to do is to change the FTP passwords so they leave themselves a way of re-infecting websites after the FTP password has been changed.

              I've found that often times the hackers will "touch" all the files so that you can't just look at the date on the file to determine which files were hacked.

              They, the hackers, typically place a line of code in various php files, or they're create php files with very common names: common.php, data-conn.php, etc.

              One of the most common files we find is in any and all images folders and it's file name is gifimg.php. This file is their backdoor.

              They also insert some php code either in php files or sometimes html files as well. This code usually starts with:

              <?php eval(base64_decode

              We've seen a few cases, usually on Wordpress sites, where this string is used legitimately, however it does give you a good starting point.

              If you need further help, please post back here.
              Thomas J. Raef
              "We Watch Your Website - so you don't have to!"

              Comment


              • #8
                Originally posted by WeWatch View Post
                Often times hackers leave backdoors on websites. They know that the first thing you're going to do is to change the FTP passwords so they leave themselves a way of re-infecting websites after the FTP password has been changed.

                I've found that often times the hackers will "touch" all the files so that you can't just look at the date on the file to determine which files were hacked.

                They, the hackers, typically place a line of code in various php files, or they're create php files with very common names: common.php, data-conn.php, etc.

                One of the most common files we find is in any and all images folders and it's file name is gifimg.php. This file is their backdoor.

                They also insert some php code either in php files or sometimes html files as well. This code usually starts with:

                <?php eval(base64_decode

                We've seen a few cases, usually on Wordpress sites, where this string is used legitimately, however it does give you a good starting point.

                If you need further help, please post back here.
                These can be controlled/avoided by disabling the PHP functions
                Rock _a.k.a._ Jack Daniel

                Follow eUKhost on Twitter || Join eUKhost Community on Facebook

                Comment

                Working...
                X