1
aixos
Hackers “Iframe Attack“!? - CHECK ALL YOUR INDEX FILES!!!
  • 2009/9/11 8:51

  • aixos

  • Just popping in

  • Posts: 79

  • Since: 2004/12/31


Hi,
lately, a group entering the site and change the index.php and put an iframe, also changed the index.php of all modules, so it does not work anywhere.

Here I leave an interesting comment I've seen

¿Change index files from exterior?

The first step in controlling infection is to change the password to our server and locate the malicious file that causes the infection. To do this, look for files. Php or. Js not corresponding to any of our web server. In case of not knowing how is the code of your website and not know all the files, you can download via ftp all files and analyzed with anti-spyware programs like "ccApp", "SuperAntiSpyware" or antivirus installed on your computer . Once the analysis made sure that detects a malicious file that we have to remember which folder is to remove it from our ftp server.

The next step is to search for all files and remove the malicious code inserted in the form of Iframe. To do what is best to use the downloaded files on your computer from our server, and use a windows browser that enables searching within files such as the "Google Desktop". When searching, we will look at all files containing "Iframe =" and check one by one if we want or an iframe which corresponds to malicious code.

Once cleaned all files, overwriting the climb to the old server and we will monitor the infected web pages. To do so delete the cache of browser you use, go to certain pages that have a code that are quite different on our server, go to the menu of your browser and view the page source code. If the bottom of the page we see any expression as iframe src = "http://some_hackers_site.com" means that we have to clean up the site.

This type of infection sites is increasing and must be avoided since prolonged infection can spread. There are very important sites that have been infected with this system and there is only a system to prevent this infection, it is 100% safe to use applications, but it is clear that 100% sure there is nothing.

PD: translated by google

Edit by Ghia: replaced example URL

2
ghia
Re: Hackers “Iframe Attack“!? - CHECK ALL YOUR INDEX FILES!!!
  • 2009/9/11 9:28

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Very good reading and sums up very good all points to observe and all actions to take.

I take regulary a backup of the site and do then a review of all changes with a difference check for files and db with the previous backup.

Login

Who's Online

295 user(s) are online (225 user(s) are browsing Support Forums)


Members: 0


Guests: 295


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits