
Thread: iframe spam

  1. #1
    Join Date
    Mar 2009

    iframe spam

    Hi all, I have this problem with many of my websites. The problem is that someone, some hacker or (most probably) a piece of software, modifies my pages on my server; it adds an iframe with the following code:
    HTML Code:
    <iframe width="116" height="171" src="[Link removed - Stephen Philbin - Potentially leads to malicious software]" style="visibility: hidden;">
    after some days. So I have to upload all of my files again after removing this code.

    Please help me if someone can,
    here is the link: [Link removed - Stephen Philbin - Potentially leads to malicious software]
    Thanks in advance
    Last edited by Stephen Philbin; 08-22-2009 at 07:37 AM.

  2. #2
    Join Date
    Mar 2004
    You are almost certainly the victim of what's usually referred to as an SQL injection attack; probably the simplest of all attack methods I've ever seen and, despite also being one of the easiest to stop, also one of the most common. Even huge sites with armies of supposedly "professional" developers have had (and in many cases still have) this hole.

    If this is happening on a site that you've built, then you just need to read up on the subject and rewrite the validation code that processes data submitted by users for insertion into your database. If you're using a system someone else built, then you need to alert them to this problem and possibly switch to a different system (depending on how long it takes for them to plug the hole). If it's happening on a system that you've paid someone money to build for you, then you need to give them a serious blasting for having the audacity to take money off of people in exchange for such a product.
    I'm thuper, thanks for asking.

    It lives! http://www.stephenphilbin.com/ (Well it kinda' does anyway).
    My portable colour selection tool

  3. #3
    Join Date
    Mar 2009
    Thanks for your reply. As I have mentioned already, my files are modified, not the MySQL database, and also I don't have anything that takes data from the user and then passes it to a database.
    I used the word "pages" for my files because this problem is with files containing a complete page, not a part or some component that I include in my pages in PHP. It is not MySQL injection.

  4. #4
    Join Date
    Mar 2004
    Well if actual files in directories on your server are being modified, then it could be almost anything that's allowing someone to do it. It could be that someone has guessed your FTP password (or sniffed it out if you log in over an unencrypted connection), or that one of the many programs installed on your host has an unpatched security hole. Shared hosting can also open up a few potential problems, and people often open up security holes by writing their PHP scripts that allow either a direct attack, or discovery of information that could be used to make an attack possible.

    The first place you should start looking is in your server's log files. See if there's a record of when the files containing the iframe code were put in the directory on your server and what put them there. See if you can find any clues as to how this is being done. Or if you do not have access to your logs, tell your hosting provider about the problem and ask them to check the logs for you.
    I'm thuper, thanks for asking.

    It lives! http://www.stephenphilbin.com/ (Well it kinda' does anyway).
    My portable colour selection tool
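
The log check suggested in post #4, as an added example that is not part of the original thread: it finds files carrying a hidden iframe like the one in post #1, records when each was last modified, and lists the FTP uploads of that file. It assumes the FTP server writes the standard xferlog format; the paths, addresses, placeholder URL and log lines are constructed samples.

```python
import os
import re
from datetime import datetime

# An <iframe> tag, the styles that hide it (as in post #1), and its src value.
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)

# Constructed sample data (not from the thread): one injected page, one xferlog.
SAMPLE_PAGE = ('<html><body>Hello<iframe width="116" height="171" '
               'src="http://placeholder.invalid/" style="visibility: hidden;">'
               '</iframe><iframe src="/map.html"></iframe></body></html>')
SAMPLE_XFERLOG = [
    "Thu Aug 20 03:14:07 2009 1 203.0.113.7 5120 /home/site/public_html/index.php a _ i r siteuser ftp 0 * c",
    "Thu Aug 20 09:00:00 2009 1 198.51.100.4 5120 /home/site/public_html/index.php a _ o r siteuser ftp 0 * c",
]

def hidden_iframes(html):
    """Return the src of every iframe tag that is styled to be invisible."""
    found = []
    for tag in IFRAME.findall(html):
        if HIDDEN.search(tag):
            m = SRC.search(tag)
            found.append(m.group(1) if m else "")
    return found

def scan_tree(root, exts=(".php", ".html", ".htm", ".js")):
    """Walk the web root; return {path: (mtime, [src, ...])} for affected files."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, errors="replace") as fh:
                    srcs = hidden_iframes(fh.read())
                if srcs:
                    hits[path] = (datetime.fromtimestamp(os.path.getmtime(path)), srcs)
    return hits

def ftp_uploads(xferlog_lines, path):
    """Return (time, remote_host, user) for each incoming transfer of path."""
    out = []
    for line in xferlog_lines:
        f = line.split()
        # xferlog fields: 0-4 date, 6 host, 8 filename, 11 direction (i=upload), 13 user
        if len(f) >= 14 and f[8] == path and f[11] == "i":
            when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
            out.append((when, f[6], f[13]))
    return out
```

An upload whose timestamp matches a file's modification time, from an address that is not yours, points at stolen FTP credentials; a modified file with no matching upload points at something running on the server itself.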
