views:

1021

answers:

7

my site is hosted in lunarpage and it geting hacked in from few month. i have done all things some of site saying (changing password like). finally 2 weeks ago i have blocked all ranges of Chinese ips. but today it again hacked. is there is any way to prevent Iframe hack?

+1  A: 

To stop the hacks immediately, simply remove the feature you are talking about. Then you can come back implement a proper solution without the security hole.

Edit: I thought an iframe element was being exploited, but now I understand that a script/hacker injects an iframe element to redirect clients. I propose you take actions to increase security on the hosting of your web page, such as changing passwords more often and have them generated by a strong pw generator. You could do some searches for iframe hack on yourself.

Cecil Has a Name
sorry what did you mean by "feature you are talking about"
Kombuwa
he thought you meant that you started with an iframe, and that your iframe was getting hacked. I think
Assembler
A: 

What's happening in that iframe? Are you sending some kind of cookies in it? If so you may possibly allow hacking and make it easy for everyone? Please provide some code chunk!

stoimen
+3  A: 

Given your comment

Iframe hack is famos sql injection attack. mainly from .cn domains

  1. Identify SQL injection vulnerabilities in your system
  2. Close them (switching to parametrised queries is a good idea if you haven't already)

You could also use mod_security or similar to try to stop attacks before they get to your web application. I've experienced false positives though (as a user, and only with ASP.NET systems (note this is a tiny sample size)).

David Dorward
+4  A: 

If you're changing your passwords and the site still gets hacked, you might have a virus on your machine. I am not joking, I saw this once.

Just to make sure, request the FTP logs from the hosting (you may see some other machines connecting to your account)

Vlagged
+1 for passwords.
Cecil Has a Name
From experience, this actually accounts for the majority of mysteriously appearing iframes.
A: 

But what if the website is static, which means there isn't any db like stuff. And getting hacked with iframe hack. I didn't but any iframe there but it somehow it addes iframe in it. any suggestions?

A: 

Get a VPS or dedicated server and install Upload Guardian. It can stop iframe uploads in real time.

Steve
A: 

The question isn't so much about the iframe as how it got there and how to get rid of it. I believe what has happened is that you have stored your passwords in your FTP client. You have a trojan on your computer and it mines the passwords from the FTP client and then uploads the iframe to your index file. Also check your 404 file, if you have one. It will likely be there, too.

Here's what you need to do. First, get rid of the trojan on your computer. I suggest looking for this, "PWS:Win32/Daurso.gen!A" and delete it. Then go to your site(s) and remove the iframe from all pages. Next, change all of your passwords. Lastly, do not store the new passwords in your FTP client or anywhere else on your computer.

By the way, don't visit the URL listed in the iframe. It loads a ton of spyware. To get rid of spyware, I suggest using Malwarebytes (free). Use the full scan when you have time. It takes a long time (hours), if you have a lot of files.

Good luck.

Dan