i f r a m e detected


londontownhotels

Oct 16, 2008, 10:36:14 AM
to stopbadware
Hello,

We have just now detected the following code on some of our site pages,
which were updated in the last couple of days.

<i f r a m e src="http : // ZieF dot pl backslash iraq dot jpg"
width=1 height=1 style="border:0"> </iframe>

I have tried to split the code for safety.

We have uninstalled Dreamweaver and reinstalled it, as we felt that the code
was reloaded every time a page was saved. We are now removing the code
manually by checking each page.

Please advise on the dangers of this code, for our benefit as well as
others', and also on prevention methods for the future.

Thanks in advance....

Madhukar Shah.

UseShots

Oct 16, 2008, 11:43:51 AM
to stopbadware
Hi,

Right now this iframe loads an empty file (for me), but some time ago
it actually loaded malware
http://www.google.com/safebrowsing/diagnostic?site=zief.pl

You didn't specify your site address so I can only guess.
Do you use a database or some scripts to generate web pages on server?
This could be an SQL injection.
So check your database and template files.

Then upgrade to the latest version of whatever third-party website
scripts you use.

And don't forget to check your own computer for viruses and spyware.

Denis
http://UnmaskParasites.com

Anirban Banerjee

Oct 16, 2008, 11:49:21 AM
to stopb...@googlegroups.com
Hi all,
         This domain has been "doing its stuff" for some time now :-)

http://www.malware.com.br/cgi/search.pl?id=VmlydXMuV2luMzIuVmlydXQuYQ==
www.castlecops.com/t190999-daily_catch_may_29.html

Thanks,
-A

--
Anirban Banerjee
Co-Founder Jaalcheck.com
PhD Candidate CSE@UC Riverside

londontownhotels

Oct 17, 2008, 1:40:26 AM
to stopbadware
Hello Denis,

Thanks. Our site is www l t h - h o t e l s dot com. Index page is not
affected, but some inner pages like photogallery have been infected,
and we have started checking and cleaning one by one.

I tried your site tool, and found it useful. Is there any tool which
will scan the full site for this infection, and give a list of affected
URLs?

We do not use any database, but do use a template to create HTML pages.

We have also formatted 2 PCs which were used to upload HTML pages, as a
further safety measure.

Madhukar Shah

On Oct 16, 8:43 pm, UseShots <goo...@useshots.com> wrote:
> Hi,
>
> Right now this iframe loads an empty file (for me), but some time ago
> it actually loaded malware
> http://www.google.com/safebrowsing/diagnostic?site=zief.pl

UseShots

Oct 17, 2008, 4:29:32 PM
to stopbadware
Madhukar,

Do you have SSH access to your server? Your site is on Unix/Linux
so you can try a "grep" command to scan the whole site for a given
string.

Denis
http://UnmaskParasites.com
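
The site-wide search suggested above, as an added example that is not part of the original thread: it lists files containing a given string and, going slightly beyond the post, also flags any iframe sized 0 or 1 pixel even when the tag is wrapped across lines. The sample site, the `bad.example` placeholder domain and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list pages under a site root that carry an injected iframe.

# Files under $1 containing the fixed string $2 (case-insensitive, binaries skipped).
find_injected() {
    grep -rIliF -- "$2" "$1" | sort
}

# Heuristic: an <iframe> tag whose width or height attribute is 0 or 1.
HIDDEN_IFRAME_RE="<iframe[^>]*(width|height)[[:space:]]*=[[:space:]]*[\"']?[01]([^0-9]|\$)"

# Files under $1 with a hidden iframe. Newlines are flattened first because the
# tag can be wrapped across lines, which a plain line-by-line grep would miss.
find_hidden_iframes() {
    find "$1" -type f \( -name '*.htm' -o -name '*.html' -o -name '*.php' \) \
        -exec sh -c '
            re=$1; shift
            for f in "$@"; do
                tr "\r\n" "  " < "$f" | grep -qiE "$re" && printf "%s\n" "$f"
            done
            exit 0' sh "$HIDDEN_IFRAME_RE" {} + | sort
}

# Constructed sample site (not real data); bad.example is a placeholder domain.
make_sample_site() {
    d=$(mktemp -d)
    mkdir -p "$d/photogallery"
    printf '<html><body>Welcome</body></html>\n' > "$d/index.html"
    printf '<html><body>Rooms\n<iframe src="http://bad.example/x.jpg"\nwidth=1 height=1 style="border:0"></iframe>\n</body></html>\n' \
        > "$d/photogallery/rooms.html"
    printf '<html><body><iframe src="/map.html" width=600 height=400></iframe></body></html>\n' \
        > "$d/map.html"
    printf '%s\n' "$d"
}

# Demo run against the constructed site.
site=$(make_sample_site)
echo "Pages containing the injected domain:"
find_injected "$site" "bad.example"
echo "Pages with a 0/1-pixel iframe:"
find_hidden_iframes "$site"
rm -rf "$site"
```

On a real server, pass the document root as the first argument and the domain from the injected tag as the second; pages flagged only by the size heuristic need a manual look, since a legitimate iframe can also be tiny.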

londontownhotels

Nov 28, 2008, 6:02:22 AM
to stopbadware
Hello Denis,

How do we run the 'grep' command on the live site? Are there any tools
available which will check the full site, page by page? There are about
1200 pages live on the server.

If we run the command on a local PC, it may not be helpful. Still, how
do we run the command on a local PC?

Sorry, but I am a non-tech person, hence I am asking these questions.

Thanks for your help.

Madhukar Shah

SteveW

Nov 28, 2008, 1:24:11 PM
to stopbadware
This page has information about grep, with links to more info such as
command references:
http://en.wikipedia.org/wiki/Grep

If you don't have shell (command line) access on your server, you can
probably run grep from a cron job. It will email the results to you.

A web search will find versions of grep for Windows (or MSDOS, since
it's a command line utility). Some should be free. But Dreamweaver
probably has good search capabilities, for searching within your local
site, so you probably don't need grep on your PC.



londontownhotels

Dec 9, 2008, 4:15:22 AM
to stopbadware
Thanks Steve,

Will check as suggested by you.

Regards,

Madhukar Shah

Danish Kamal

Dec 26, 2008, 12:29:28 AM
to stopb...@googlegroups.com
Hi,

Yes, you can check your site on your local machine also.

For this you have to install Macromedia Dreamweaver on your local machine.

Thanks
-danish
