IFrame website hacks on the increase

Lately we’ve seen an increasing volume of customers with hacked websites, the majority having been compromised with the “IFrame Hack”. It’s not just us – most web hosting companies across the globe are reporting a massive increase in iframe attacks.

This involves the hacker “injecting” some malicious code into your site (normally on all your “index” pages) in the form of a hidden IFRAME, which then tries to infect any visitors to your website with various viruses, trojans etc. Often you won’t even realise your site has been hacked until Google detects the compromise and starts to display the dreaded “this site may harm your computer” message alongside any mentions of your domain, meaning anyone finding your site via Google will most likely keep well away.

Have you been hacked?

Use this online tool to detect if you’ve fallen victim to an iframe hack:
http://www.unmaskparasites.com/
(note that it’s not a definitive check, but a great starting point).
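
For a local check to run alongside the online tool, the following added example (not part of the original article or of Unmask Parasites) scans a downloaded copy of your site for the hidden IFRAMEs described above. The file extensions, the "hidden" heuristics and the sample page with its placeholder host are assumptions made for illustration.

```python
import re
import sys
from html.parser import HTMLParser
from pathlib import Path

# Heuristics for "hidden": 0/1-pixel dimensions, or CSS that hides the frame.
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)
HIDING_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden"
                        r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
PAGE_SUFFIXES = {".html", ".htm", ".php"}  # assumption: typical page file types
# Constructed sample page: one hidden frame (placeholder host) and one normal frame.
SAMPLE = ('<html><body>\n<p>Welcome</p>\n<iframe src="http://injected.example/in.php"'
          ' width="1" height="1" style="visibility: hidden"></iframe>\n'
          '<iframe src="/map.html" width="600" height="400"></iframe>\n</body></html>')

class IframeFinder(HTMLParser):
    """Collects (line, src, reason) for every iframe tag that looks hidden."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        reasons = [f"{d}={a[d]}" for d in ("width", "height") if TINY.match(a.get(d, ""))]
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("style hides frame")
        if tag == "iframe" and reasons:
            self.hits.append((self.getpos()[0], a.get("src", ""), ", ".join(reasons)))

def scan_text(text):
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

def scan_site(root):  # returns {path: hits} for flagged page files under root
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in PAGE_SUFFIXES:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    found = scan_site(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": scan_text(SAMPLE)}
    for page, hits in found.items():
        for line, src, why in hits:
            print(f"{page}:{line}: hidden iframe src={src!r} ({why})")
```

Run it with the path to your local site copy as the only argument. It only sees literal iframe tags in the markup, so a clean result here is no more definitive than the online check.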

How did I get hacked?

In most cases, the hacker has simply obtained your FTP login details, and is freely adding the extra code to your pages at will. FTP details are illegally obtained in a variety of ways, but it’s understood that the sudden increase in these attacks has been caused mainly by your own PC being infected by one or more trojan viruses, which simply lift all the FTP details straight out of your FTP application of choice, giving the attackers immediate access to your site(s).

How do I fix my site?

The first thing you should do is change your FTP password. You can do this via your hosting control panel. Ensure it’s a “strong” password using a mixture of letters, numbers and symbols, and use a mix of lower and uppercase. Next you should upload a “clean” backup of your site to the server (if you do not have a backup – ask us to help – and review your own backup policy immediately!), overwriting all your files. Finally, make sure that you do NOT store your FTP details anywhere on your computer – especially not inside any FTP applications (such as CuteFTP, Filezilla etc) or Website Editors or Content Management Systems (such as Dreamweaver etc). Any time you connect to your website using FTP or via cPanel, make sure you type the password manually – do not use anything that connects automatically.

Increase your security

Once you’ve fixed the site, you’ll want to ensure that your own computer(s) is clean, and not at further risk from trojan viruses, keyloggers etc. Ensure both your anti-virus software and your firewall software are up to date (if you haven’t got such software installed, install it immediately), and run full system scans regularly.

We also recommend that you enhance your computer’s security by downloading and installing Malwarebytes Anti-Malware – a nice (free) utility that, from experience, we know finds some trojan viruses and other nasties that certain other anti-virus programs miss.
Get it from: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Launch and update the product, then run a “quick scan”, and allow it to fully remove any trojans etc that it finds. Once completed, consider a full scan of your system, which will take longer.

 

If you think you’ve been hacked, and want any further help, contact us via the normal support channels.  Do not ignore it!!

Links to similar articles/discussions on this type of hack

http://forums.digitalpoint.com/showthread.php?t=901622
http://www.pcadvisor.co.uk/news/index.cfm?newsid=12422
http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/
http://www.webmasterworld.com/google/3486931.htm
http://blog.unmaskparasites.com/2009/04/29/another-type-of-iframe-hack-php-exploit/
http://blog.trendmicro.com/another-malware-pulls-an-italian-job/

Other good resources and advice on improving security

http://stopbadware.org/home/security
http://onmycomp.com/onmywordpress-7th-wordpress-security-scan
