Hi all, i have this problem with my many websites, the problem is that anyone some hacker or a software (most probably) midifies my pages on my server; it adds an iframe with following code:
HTML Code:
<iframe width="116" height="171" src="[Link removed - Stephen Philbin - Potentially leads to malicious software]" style="visibility: hidden;">
after some days. So i have to upload again all of my files after removing this code.
plz help me if someone can,
here is the link: [Link removed - Stephen Philbin - Potentially leads to malicious software]
thanx in advance
Last edited by Stephen Philbin; 08-22-2009 at 07:37 AM.
You are almost certainly the victim of what's usually referred to as an SQL injection attack; problably the simplest of of all attack methods I've ever seen and, despite also being one of the easiest to stop, also one of the most common. Even huge sites with armies of supposedly "professional" developers have had (and in many cases still have) this hole.
If this is happening on a site that you've built, then you just need to read up on the subject and rewrite the validation code that processes data submitted by users for insertion into your database. If you're using a system someone else built, then you need to alert them to this problem and possibly switch to a different system (depending on how long it takes for the to plug the hole). If it's happening on a system that you've paid someone money to build for you, then you need to give them a serious blasting for having the audactity to take money off of people in exchange for such a product.
Thanks for your reply, as i have mentioned already my files are modified not MySQL database, and also i dont have anything that takes data from user and then to database.
i used the word pages for my files because this problem is with files having complete page not a part or some component; that i include in my pages in PHP. It is not MySQL injection.
Well if actual files in directories on your server are being modified, then it could be almost anything that's allowing someone to do it. It could be that someone has guessed your FTP password (or sniffed it out if you log in over an unencrypted connection), or that one of the many programs installed on your host has an unpatched security hole. Shared hosting can also open up a few potential problems, and people often open up security holes by writing their PHP scripts that allow either a direct attack, or discovery of information that could be used to make an attack possible.
The first place you should start looking is in your server's log files. See if there's a record of when the files containing the Iframe code was put in the directory on your server and what put it there. See if you can find any clues as to how this is being done. Or if you do not have access to your logs, tell your hosting provider about the problem and to check the logs for you.
iframe spam
Reply With Quote
Bookmarks