
Iframe attacks are very common and are becoming annoying these days. I have seen even famous websites being attacked. I would like to share a few facts about this here.

"If your server is infected with virus, Google has blocked it again can you fix it or not !!!"

These are the words that most web hosts hear from their customers these days. Here I would like to explain how and why these kinds of attacks are carried out.


The first point that I would like to share with you is that it is NOT a server issue.

The main reason for such an attack is one of the following:

1. Vulnerable code. Most websites use a CMS such as WordPress or Joomla. If it is not updated properly, you are likely to be attacked.

2. A weak FTP password that can be easily cracked by brute forcing.

3. A client PC (Windows) infected by a virus. This is the most common way I have seen so far.

I am not explaining the first two methods here, as they are self-explanatory. The third one works as described below.

It starts with a Google search. When someone searches for something in Google, infected websites, or even the attacker's own website, may show up in the results.

When the user clicks on one of these, his PC gets infected with the virus.

If he is a webmaster, then when he uploads or edits the contents of his website, the virus code is injected as well.

So what does this injected code do?

The basic idea is that an iframe loads the content of an external site (the virus website) into the page, sets the external content to be invisible, and then overlays it on the page you're looking at. When you click a link you see on the current page, you are in fact clicking on the externally loaded page and are about to load pretty much whatever the attacker wants.

Thus it propagates from client PC to PC.

Got Infected... What to do now!!

If you have a good backup, you are saved. Otherwise you have to contact someone to write some kind of script to remove the injected code. The sad part is that I have seen many injections in hexadecimal code that doesn't have any pattern. In that case cleanup is extremely difficult if your site has thousands of web pages.

Also, I have seen some attacks where the original content is replaced. In that case, if you do not have any backups, there is no other way than to contact a developer to rebuild the website.
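
As a starting point for locating the injected markup described above, here is an added example (not from the original article) that flags iframes which are both hidden and loaded from an external host. The hiding heuristics, the host names and the sample markup are assumptions constructed for illustration.

```python
# Added example; heuristics, host names and sample markup are assumptions.
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(?<![-\w])(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)

class IframeFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.hits = []  # (line number, src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host in self.own_hosts:
            return  # relative or same-site frame: not what this check targets
        reasons = []
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if {a.get("width", "").strip(), a.get("height", "").strip()} & {"0", "1"}:
            reasons.append("zero/1px size")
        if reasons:
            self.hits.append((self.getpos()[0], a["src"], ", ".join(reasons)))

def scan_html(text, own_hosts):
    finder = IframeFinder(own_hosts)
    finder.feed(text)
    return finder.hits

def scan_tree(root, own_hosts, exts=(".html", ".htm", ".php", ".tpl")):
    """Return {path: hits} for every page under root that contains a hit."""
    pages = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in exts)
    found = {str(p): scan_html(p.read_text(errors="replace"), own_hosts) for p in pages}
    return {path: hits for path, hits in found.items() if hits}

SAMPLE = (  # constructed sample page; only the second iframe should be flagged
    '<iframe src="https://www.youtube.com/embed/x" width="560" height="315"></iframe>\n'
    '<iframe src="http://malware.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>\n'
    '<iframe src="/local/widget.html" style="display:none"></iframe>\n')

if __name__ == "__main__":
    for line, src, why in scan_html(SAMPLE, {"shop.example"}):
        print(f"line {line}: {src} ({why})")
```

This check only sees iframes written as plain markup; the patternless hexadecimal injections mentioned above will not match it, and those files still need to be compared against a known-good backup.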

How to Avoid

The basic steps to take to prevent this type of attack in future are:

1. Install the latest version of the software manually from the developer's site.

2. Check that site periodically, or use any built-in update function the script may have, to ensure you are running the latest version.

3. Stay up to date with news the developers may post, or any exploits posted on security sites such as http://www.securityfocus.com/. Sometimes developers just can't patch their software fast enough; some developers can't even fix the exploits in their software between

4. Use good antivirus software on your PC. (Anyway, Linux users don't have to worry about this!!!)

Original Article at  http://prajizworld.com/?p=241

Comments about this article
Spelling mistakes diminish credibility
written by: Transmogrifox on 2009-12-01 17:07:04
It seems hardly worth my time to read something that provides no way of giving me confidence in the credibility of the author. It could be Joe Linux User's blog with "this is what worked last time I tried a bunch of random stuff I read in a forum"