  1. #1
    Join Date
    Jul 2009

    layman's terms - iframe attack

    Can someone please advise, in layman's terms, where an iframe attack derives from: a vulnerability in the site or a vulnerability at the web hoster? In our case, Mosso = web hoster, and the web coder is advising that the iframe attack is not from their code but from the hosting provider. Surprisingly enough, apparently it was the WordPress files, not the primary..
    Last edited by mobiledynamics; 08-28-2009 at 12:01 AM.

  2. #2
    Join Date
    Apr 2001
    Montana USA
    In our experience, neither the site nor the hoster, at least for this recent round of iframe issues.

    The website owner or his web designer/developer has their HOME computer compromised by malware.

    The malware listens for their next FTP update, and captures the credentials.

    The malware broadcasts the credentials to a criminal botnet.

    The botnet wakes up and starts adding iframe code to many different websites, via FTP.

    There are other ways to end up with malicious iframe code embedded in your website, but this is the pattern we're seeing. Many FTP logins to accounts, from dozens or sometimes hundreds of different IP addresses, all at once.
    John Masterson
    Former Hosting Company Owner

  3. #3
    There is nothing special that can be done to remove the added iframe code; you have to remove it using some script. First you can run ClamAV to check which files are infected, and later run a shell script to replace the iframe code with blank.

  4. #4
    Join Date
    Jul 2007
    You can have mod_security or Applicure's DotDefender for Apache installed on the server if you are running a Linux server and Upload Guardian. These will help in reducing the iframe attacks on the server. For IIS, you can go for Applicure's DotDefender for IIS.
    Prashant T.

    Don't run after Success. Run after Excellence and Success will soon follow.

  5. #5
    Join Date
    Apr 2001
    Montana USA
    But, if the bad guys simply have your FTP credentials (and re-capture them every time you use FTP), then all the server-hardening in the world will do nothing to stop the exploit from happening again and again.
    John Masterson
    Former Hosting Company Owner

  6. #6
    Join Date
    Aug 2006
    Ashburn VA, San Diego CA
    You have to check the logs to see how the attack originated. If it was by FTP, it will be obvious in the FTP logs. If it wasn't by FTP, then the security of the server is compromised and requires deep analysis and hardening to prevent future occurrences.
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters
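
The pattern described in post #2 (many FTP logins to one account from many addresses at once) and the log check suggested in post #6, as an added example that is not part of any post in this thread. It assumes the FTP daemon writes the common xferlog format; the sample lines, the 10-minute window and the three-address threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in xferlog format (an assumption; adapt to your FTP daemon).
SAMPLE_LOG = """\
Thu Aug 27 09:15:02 2009 1 198.51.100.7 5120 /home/acme/public_html/about.html a _ i r acme ftp 0 * c
Thu Aug 27 23:41:02 2009 1 203.0.113.5 4821 /home/acme/public_html/index.php a _ i r acme ftp 0 * c
Thu Aug 27 23:41:40 2009 1 203.0.113.77 3310 /home/acme/public_html/contact.php a _ i r acme ftp 0 * c
Thu Aug 27 23:42:15 2009 1 192.0.2.14 2954 /home/acme/public_html/blog/index.php a _ i r acme ftp 0 * c
Thu Aug 27 23:43:09 2009 1 198.51.100.200 4102 /home/acme/public_html/footer.php a _ i r acme ftp 0 * c
Thu Aug 27 23:44:00 2009 1 192.0.2.50 900 /home/bob/public_html/a.html a _ i r bob ftp 0 * c
Thu Aug 27 23:45:30 2009 1 192.0.2.50 950 /home/bob/public_html/b.html a _ i r bob ftp 0 * c
"""

def parse_xferlog(text):
    """Yield (timestamp, remote_host, direction, user) for each well-formed line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 18:
            continue  # truncated or foreign line
        try:
            ts = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue
        # Trailing fields are indexed from the end so an odd filename cannot shift them.
        yield ts, f[6], f[-7], f[-5]

def flag_accounts(events, window=timedelta(minutes=10), min_hosts=3):
    """Map each account to the hosts seen when uploads arrive from at least
    min_hosts distinct addresses inside one sliding window."""
    uploads = defaultdict(list)
    for ts, host, direction, user in events:
        if direction == "i":  # "i" = incoming, i.e. a file written to the server
            uploads[user].append((ts, host))
    flagged = defaultdict(set)
    for user, items in uploads.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            hosts = {h for _, h in items[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[user] |= hosts
    return {user: sorted(hosts) for user, hosts in flagged.items()}

if __name__ == "__main__":
    for user, hosts in flag_accounts(parse_xferlog(SAMPLE_LOG)).items():
        print(f"{user}: uploads from {len(hosts)} addresses: {', '.join(hosts)}")
```

An account flagged this way points to captured credentials rather than a server-side hole, so the password change and workstation malware scan come before any server hardening.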

  7. #7
    Join Date
    Nov 2002
    Change the offending user's password.

    Inform the user that they need to do a virus/malware scan.
