NSDesign Web Design and Hosting
NSDesign Blog
interesting thoughts on web design, social media, hosting, seo and other stuff...

Posts Tagged ‘security’

IFrame website hacks on the increase

Saturday, May 9th, 2009

Lately we’ve seen an increasing volume of customers with hacked websites, the majority having been compromised with the “IFrame Hack”. It’s not just us – most web hosting companies across the globe are reporting a massive increase in iframe attacks.

This involves the hacker “injecting” some malicious code into your site (normally on all your “index” pages) in the form of a hidden IFRAME, which then tries to infect any vistors to your website with various viruses and trojans etc.  Often you’ll maybe not even realise your site is hacked until Google detects the compromise, and starts to display the dreaded “this site may harm your computer” message alongside any mentions of your domain, meaning anyone finding your site via Google will most likley keep well away.

Have you been hacked?

Use this online tool to detect if you’ve fallen victim to an iframe hack:
http://www.unmaskparasites.com/
(note that it’s not a definitive check, but a great starting point).

How did I get hacked?

In most cases, the hacker has simply obtained your FTP login details, and is freely adding the extra code to your pages at will.  FTP details are illegally obtained in a variety of ways, but it’s understood that the sudden increase of these attacks has been caused mainly by the your own PC being infected by one or more trojan viruses, which simply lifts all the FTP details straight out your FTP application of choice, giving them immediate access to your site(s).

How do I fix my site?

The first thing you should do is change your FTP password.  You can do this via your hosting control panel.  Ensure it’s a “strong” password using a mixture of letters, numbers and symbols, and use a mix of lower and uppercase.  Next you should upload a “clean” backup of your site to the server (if you do not have a backup – ask us to help – and review your own backup policy immediately!), overwriting all your files.  Finally, make sure that you do NOT store your FTP details anywhere on your computer – especially not inside any FTP applications (such as CuteFTP, Filezilla etc) or Website Editors or Content Management Systems (such as Dreamweaver etc).  Ensure that any time you connect to your website using FTP or via Cpanel, that you manually type the password each time – do not use anything that connects automatically.

Increase your security

Once you’ve fixed the site, you’ll want to ensure that your own computer(s) is clean, and not at further risk to trojan viruses or keyloggers etc.  Ensure both your anti-virus software, and your firewall software is up to date (if you haven’t got such software installed, do it immediately), and run full system scans regularly.

We also recommend that you enhance your computer’s security by Downloading and Installing Malwarebytes Anti-Malware – a nice (free) utility that from experience we know finds some trojan viruses and other nasties that certain other anti-virus programs miss.
Get it from: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html 
Launch, and Update the product, then run a “quick scan”, and allow it to fully remove any trojans etc that it finds.  Once completed, consider a full scan on your system which will take longer.

 

If you think you’ve been hacked, and want any further help, contact us via the normal support channels.  Do not ignore it!! 

Links to similar articles/discussions on this type of hack

http://forums.digitalpoint.com/showthread.php?t=901622
http://www.pcadvisor.co.uk/news/index.cfm?newsid=12422
http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/
http://www.webmasterworld.com/google/3486931.htm
http://blog.unmaskparasites.com/2009/04/29/another-type-of-iframe-hack-php-exploit/
http://blog.trendmicro.com/another-malware-pulls-an-italian-job/

Other good resources and advice on improving security

http://stopbadware.org/home/security
http://onmycomp.com/onmywordpress-7th-wordpress-security-scan

Light up your website with Internet Explorer 8

Thursday, March 6th, 2008

Microsoft presented the first public beta version of their new Internet Browser at the Mix’08 of Las Vegas: Internet Explorer 8.

Here at NSDesign we already started to give it a look and discovered many new interesting features. Apart from a few problems when opening up many tabs together, the browser seems to work pretty well, and the navigation interface, even with the addition of new functionalities, is simple to understand and doesn’t create so much confusion about how to use it.

Two functionalities that we found quite interesting are the crash recovery and the highlighting of the visited URL (to provide more security especially in the case of complex domain names that can trick the user).

 IE8 URL highlighting

These are not only the only new features, there are even more new features that developers can discover, in fact Microsoft, quite late (but never to late for something important like this), decided to pay more attention to the web standards making Explorer strictly standard compliant and other interesting features for developers.

Due to the fact that IE is the most used browser, this is a great news, in the future we are going to see more and more websites developed properly, providing completely accessible information contents. But not all good news come by their own, from another point of view a stricter browser can create some inconveniences to those people who own an old websites or those who have a website structured with not standard code, breaking their websites on the new browser. Explorer 8 offers versioning (backwards compatibility to make a website work like on older browsers versions, like Explorer 7, Explorer 6 and Explorer 5), it is an interesting functionality for a short term solution, but it doesn’t have to be considered a definitive solution to compatibility problems. The best way is always to use the correct standard codes, keeping separated content, structure and style.

Definitely the new Microsoft browser is optimum and can compete with other major ones like the new Firefox 3.