How to Prevent iframe Injection

Aug 12, 2010

Hi Amit, early this morning around 4.00 AM, I found that there were 0 people on http://www.andhrapradeshstate.in. It can happen when Google keeps the site in the sandbox or bans it. Or it can happen when someone hacks the site. So I opened my site to confirm whether it was working properly, and found ‘Unknown characters at XXXXX.php in line No. 17’.

Earlier, too, all my sites faced iframe injection. So I went to all the index files and replaced the original code. I have observed that this iframe virus deletes the code letter by letter. That means if we identify the damage late, more characters will have been deleted. Mainly these iframe codes belong to ‘.cn’ sites. I searched many forums and got information that this iframe virus was introduced by anti-virus people for their business growth, and that now SEO people are using these iframe injections to grab high-PR sites’ link juice.

And I found prevention methods:
i) keep changing cPanel passwords regularly,
ii) ask your hosting people about the security of cPanel,
iii) whenever you work with FTP, change passwords afterwards.

So I tried to change my cPanel password in my cPanel, but it is being rejected. Earlier, my hosting people did this at their end. But I can’t disturb them whenever I want to change the password. So I have requested my hosting people to let me change my cPanel password in my cPanel itself.

And another doubt of mine: how can the hosting people help in these matters? Is there any other, better prevention method?

In: Tech Support Asked By: [417 Blue Star Level]
Answer #1


Excellent post with detailed instructions on how you removed the iframe injection, and prevention tips.

I would also recommend using the plugins listed in this post, which can help you with more security.

http://www.amitbhawani.com/blog/remove-harmful-website-warning/

Answers Answered By: Amit Bhawani [ Grey Star Level]
Answer #2


Regarding the hosting companies, we have backend virus scanners and scripts, permissions checkers which keep working in the background but the hackers keep finding ways to get into our servers. No one can help you secure and backup your data even though promised, you need to have your own copies for sure.

Answers Answered By: Amit Bhawani [ Grey Star Level]
Answer #3


I added the exploit-scanner plugin to this site after experiencing the first iframe attack. It is useful for scanning, and for showing the places where the iframes exist in the code.
i) But is there any plugin / software which can send an alert message immediately when iframes are injected into our site?
ii) Is there any plugin / software which will automatically reject the iframe injection?
iii) Will the WP Security Scan plugin stop the iframe injection, or will it just do scanning like the exploit-scanner plugin?

Answers Answered By: knmurthy [ Grey Star Level]
Answer #4


i) But is there any plugin / software which can send an alert message immediately when iframes are injected into our site?

I don't think there are any alert plugins which can get this job done.

ii) Is there any plugin / software which will automatically reject the iframe injection?

Most security plugins would notify you in the backend of insecure folders and script problems. Need to find any scripts like the one you asked for.

iii) Will the WP Security Scan plugin stop the iframe injection, or will it just do scanning like the exploit-scanner plugin?

As I said, it won't be able to stop it completely.

Answers Answered By: Amit Bhawani [ Grey Star Level]
Answer #5


Hi Amit,
This morning I found a site which gives email alert code, which will send alerts to our email when the code is attacked. The theory behind the code is simple: it keeps comparing the size of the index.php file. When it is hacked or iframe-injected, the size of the file will vary, so it will send the email alert. But I am confused about where to put that code in our files. Please clarify. The ref site: http://badmalweb.com/bad-mal-web-extracts/bad-mal-web-extracts/injection-hack-detection-method—php-code.html

Answers Answered By: knmurthy [ Grey Star Level]
Answer #6


The features of that program are:
1.) Hacker injects code, increasing the file size.
2.) Next request to serve the home page (or other page of your choice) triggers the detector, which compares current file size with that for archived original.
3.) Detector sends email with file mod timestamp to webmaster.
4.) Script replaces hacked file with copy of an archived original, exits.

You need to add the following code at the top of index.php, after the DOCTYPE declaration, and also enter your email address in this code.

<?php
// Compares index.php with an archived copy in refz/; on a size mismatch,
// e-mails the webmaster and restores the archived copy.
function hackDet() {
    $tst = "";
    $gzt = "index.php";
    $stat = stat($gzt);
    $gzt2 = "refz/x_" . $gzt;   // archived original
    $rstat = stat($gzt2);
    $ref = $rstat['size'];
    $rtim = $_SERVER['REQUEST_TIME'];
    $rtim2 = date("F d Y H:i:s.", $rtim) . " Eastern";
    $mtim = filemtime($gzt);
    $mtim2 = date("F d Y H:i:s.", $mtim) . " Eastern";

    if ($stat['size'] != $ref) {
        $fw = "index.php";
        $hak = file_get_contents($fw);   // modified content, included in the report

        $msg = "$gzt has $stat[size] bytes and not $ref as it should.\n\n";
        $msg .= "FILE MOD TIME $mtim: $mtim2\n";
        $msg .= "REQUEST_TIME $rtim: $rtim2\n\n";
        $msg .= "=================\n\n";
        $msg .= $hak;

        $msg = wordwrap($msg, 70);
        mail('yourn…@yourdomain.com', 'HACK ALERT', $msg);

        // Replace the modified file with the archived original.
        $fr = "refz/x_index.php";
        $str = file_get_contents($fr);
        $tst = file_put_contents($fw, $str);
    }
    return $tst;
}

$tst = hackDet(); // calls the hack detection function
?>

Answers Answered By: Amit Bhawani [ Grey Star Level]
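
Added example, not part of the thread or of the referenced site's code: the same compare-against-archived-copy idea, but using a SHA-256 hash over several files, because a size comparison does not notice a change that leaves the byte count the same. The function name `checkIntegrity`, the temp directory and the file contents are constructed for the demo; the `refz/x_` naming follows the code above.

```php
<?php
// Returns one finding per watched file that is missing or differs from its reference copy.
function checkIntegrity(string $docRoot, string $refDir, array $files): array {
    $findings = [];
    foreach ($files as $name) {
        $live = "$docRoot/$name";
        $ref  = "$refDir/x_$name";   // same naming as refz/x_index.php above
        if (!is_file($ref)) {
            $findings[] = ['file' => $name, 'status' => 'no-reference'];
            continue;
        }
        if (!is_file($live)) {
            $findings[] = ['file' => $name, 'status' => 'missing'];
            continue;
        }
        if (!hash_equals(hash_file('sha256', $ref), hash_file('sha256', $live))) {
            $findings[] = [
                'file'      => $name,
                'status'    => 'modified',
                // true means a size-only comparison would not have flagged this file
                'same_size' => filesize($live) === filesize($ref),
                'mtime'     => date('c', filemtime($live)),
            ];
        }
    }
    return $findings;
}

// Constructed demo: two reference copies, one live file altered without changing its length.
$root = sys_get_temp_dir() . '/integrity_demo_' . getmypid();
mkdir("$root/refz", 0700, true);
$clean = "<html><body>Hello visitor</body></html>\n";
file_put_contents("$root/refz/x_index.php", $clean);
file_put_contents("$root/refz/x_footer.php", $clean);
file_put_contents("$root/index.php", str_replace('visitor', 'v1s1t0r', $clean)); // same length
file_put_contents("$root/footer.php", $clean);                                   // untouched

foreach (checkIntegrity($root, "$root/refz", ['index.php', 'footer.php']) as $finding) {
    echo json_encode($finding), "\n";   // only index.php is reported
}

// Remove the demo files.
array_map('unlink', array_merge(glob("$root/refz/*"), glob("$root/*.php")));
rmdir("$root/refz");
rmdir($root);
```

Reference copies kept where the compromised account can write to them can be altered along with the live files, so they are more trustworthy when stored outside the web root or off the server.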
Answer #7


Thanks for the tutorial.

Answers Answered By: Nelson [ Grey Star Level]
