1px iFrame randomly found in code on site.. anyone else experience this?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • trevesty
    Confirmed User
    • Aug 2006
    • 3810

    #1

    1px iFrame randomly found in code on site.. anyone else experience this?

    Hey guys

    Found a 1px iframe with the following URL as the src randomly in the index file of one of our sites.. and code I'd put there earlier missing:

    http://xzas.sytes.net/i/index.php

    Anyone else experience this?
    The Fap Guide
  • helterskelter808
    So Fucking Banned
    • Sep 2010
    • 3405

    #2
    IIRC someone posted about that the other day. Sorry, can't remember who or what thread though.

    Edit: and provided a code that apparently checks other pages for the same problem.
    Last edited by helterskelter808; 01-11-2012, 02:36 PM.

    Comment

    • Klen
      • Aug 2006
      • 32235

      #3
      I think SZYN posted about it.

      Comment

      • trevesty
        Confirmed User
        • Aug 2006
        • 3810

        #4
        Thanks. I'll search for the thread.
        The Fap Guide

        Comment

        • trevesty
          Confirmed User
          • Aug 2006
          • 3810

          #5
          Originally posted by KlenTelaris
          I think SZYN posted about it.
          Can't find anything by him, unless I suck at searching.
          The Fap Guide

          Comment

          • TisMe
            Confirmed User
            • Aug 2008
            • 1719

            #6
            It was SZNY, here's the thread: http://gfy.com/showthread.php?t=1052856
            Last edited by TisMe; 01-11-2012, 02:44 PM.

            Comment

            • PSD
              PornSiteDomains.com
              • Oct 2002
              • 1265

              #7
              Originally posted by TisMe
              It was SZNY, here's the thread: http://gfy.com/showthread.php?t=1052856
              I get "threat detected" in that thread with avast and MS security essentials.
              PornSiteDomains.com

              Comment

              • porno jew
                Too lazy to set a custom title
                • Nov 2006
                • 10166

                #8
                Originally posted by TisMe
                It was SZNY, here's the thread: http://gfy.com/showthread.php?t=1052856
                unable to open that thread. anyone else?

                Comment

                • 2MuchMark
                  Mark of 2Much.net
                  • Aug 2004
                  • 50980

                  #9
                  How do you update your sites? I remember a virus of some kind being reporting in an FTP program that would add a little extra to every html or htm page on a site.

                  Comment

                  • helterskelter808
                    So Fucking Banned
                    • Sep 2010
                    • 3405

                    #10
                    Problems viewing, or warnings about, the thread may be due to the "anti-malware" code on the page triggering anti-virus.

                    Comment

                    • trevesty
                      Confirmed User
                      • Aug 2006
                      • 3810

                      #11
                      Originally posted by MarkPrince
                      How do you update your sites? I remember a virus of some kind being reporting in an FTP program that would add a little extra to every html or htm page on a site.
                      via FileZilla
                      The Fap Guide

                      Comment

                      • EroTechnology
                        Confirmed User
                        • Dec 2011
                        • 117

                        #12
                        Originally posted by MarkPrince
                        How do you update your sites? I remember a virus of some kind being reporting in an FTP program that would add a little extra to every html or htm page on a site.
                        Filezilla FTP client used to be vulnerable and was exploited heavily by hackers some years back. Possibly this you`re thinking of?

                        EroTechnology.com - Advertising Opportunities | Free Adult Hosting | Banner Exchange Network | Traffic Stats Analysis - soon!
                        Buy Adult Traffic & Advertising | Buy Low Cost Targeted Ads On Our Adult Free Hosts
                        [email protected]

                        Comment

                        • trevesty
                          Confirmed User
                          • Aug 2006
                          • 3810

                          #13
                          Originally posted by EroTechnology
                          Filezilla FTP client used to be vulnerable and was exploited heavily by hackers some years back. Possibly this you`re thinking of?
                          Oh great.
                          The Fap Guide

                          Comment

                          • LatinaCrazy
                            Confirmed User
                            • Apr 2004
                            • 323

                            #14
                            Originally posted by JCK
                            I get "threat detected" in that thread with avast and MS security essentials.
                            It is because of the php he has embedded in the tread... No worries


                            ICQ: 288-147-085 | Email: promolata [at] gmail.com

                            Comment

                            • Caligari
                              Confirmed User
                              • Oct 2009
                              • 5414

                              #15
                              i frame embeds a problem for a while now-
                              this might help-
                              http://mycodings.blogspot.com/2009/0...from-your.html
                              How to Remove Iframe virus?
                              Iframe tags will be written just below the body tag. Follow the steps to remove virus.
                              1. Login to your FTP & edit the file which you've got iframe tag.

                              2. Look for the iframe tag just below the Body or Head tag.

                              3. Remove the coding & overwrite the file.

                              4. Now right click the file and click properties/File attributes and make it to "444". So that no hackers have privilege to write the file with iframe code.

                              5. Once you've cleaned this, the other type of virus will slowly raise, that is it will search the files that are included on the index.php file (ie dbconnect.php, general.php, configure.php, common.php, functions.php, classes.php etc) and it will write a php coding at the top of the page where it will dynamically write the javascript code at the time of execution of the file in the web - browser. The script will redirect the page to gumblar.cn/rss?id=2

                              6. To remove these type of error carefully look into the above mentioned filename, you can easily find out the php coding at the top of the page. Just remove the coding and make sure it is write protected, so that the php coding wont be written.
                              ATTN Webmasters Cruel Bucks - LIVE Gonzo Does Not Pay
                              ------------------------------------------------
                              Animal Rescue Click Here to Feed An Animal for Free

                              Comment

                              • SZNY
                                SZNY
                                • May 2004
                                • 2800

                                #16
                                1. Copy/paste the php code and save the file as php
                                2. Upload it to the root of your site
                                3. and run it like www.yourdomain.dom/filename.php


                                http://blog.insidecomp.com/?p=33#more-33
                                http://forum.nexoneu.com/NXEU.aspx?g=posts&m=3143118 (some background info)

                                Hope it helps
                                Telegram: sandroanthonio

                                Comment

                                • trevesty
                                  Confirmed User
                                  • Aug 2006
                                  • 3810

                                  #17
                                  Thanks guys. Our host tackled the issue pretty quickly.

                                  I'll bump this in a day or so just in case anyone else gets it.
                                  The Fap Guide

                                  Comment

                                  • bobby666
                                    boots are my religion
                                    • Nov 2005
                                    • 21765

                                    #18
                                    it's a "great" way to include toplists on your site to get invisible hits

                                    Comment

                                    • trevesty
                                      Confirmed User
                                      • Aug 2006
                                      • 3810

                                      #19
                                      Bump for others
                                      The Fap Guide

                                      Comment

                                      • brassmonkey
                                        Pay It Forward
                                        • Sep 2005
                                        • 77396

                                        #20
                                        you running arrow scripts?
                                        TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                                        DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                                        Comment

                                        • trevesty
                                          Confirmed User
                                          • Aug 2006
                                          • 3810

                                          #21
                                          Originally posted by brassmonkey
                                          you running arrow scripts?
                                          No I am not.

                                          A popular tube script on this particular site. Haven't seen it on any others yet.
                                          The Fap Guide

                                          Comment

                                          • CrazyWhiteMan
                                            Confirmed User
                                            • Nov 2005
                                            • 170

                                            #22
                                            seems like you got hacked. same shit happen to me...

                                            best bet is to format your server

                                            Comment

                                            • CurrentlySober
                                              Too lazy to wipe my ass
                                              • Aug 2002
                                              • 38946

                                              #23
                                              i cant afford an iframe...


                                              👁️ 👍️ 💩

                                              Comment

                                              • MediaGuy
                                                Confirmed User
                                                • Sep 2004
                                                • 5500

                                                #24
                                                Yep I got that too. It's either an exploit at your host (I called GoDaddy support and told them about it - they cleaned it up in a minute and then told me to change wordpress passwords regularly; though it's been said GoDaddy had been having this problem on their end) or something on your local machine that uses a weakness in FTP clients to write itself in hashed form into your templates or files when you do an upload.

                                                Apparently, after a clean up and regular password changes, it doesn't re-occur - which is what happened in my case...

                                                YOU Are Industry News!
                                                Press Releases: pr[at]payoutmag.com
                                                Facebook: Payout Magazine! Facebook: MIKEB!
                                                ICQ: 248843947
                                                Skype: Mediaguy1

                                                Comment

                                                • CyberHustler
                                                  Masterbaiter
                                                  • Feb 2006
                                                  • 28739

                                                  #25
                                                  It happens...
                                                  “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

                                                  Comment

                                                  • Operator
                                                    So Fucking Banned
                                                    • May 2009
                                                    • 2419

                                                    #26
                                                    Sure doesn't have to happen

                                                    Comment

                                                    • trevesty
                                                      Confirmed User
                                                      • Aug 2006
                                                      • 3810

                                                      #27
                                                      Originally posted by MediaGuy
                                                      Yep I got that too. It's either an exploit at your host (I called GoDaddy support and told them about it - they cleaned it up in a minute and then told me to change wordpress passwords regularly; though it's been said GoDaddy had been having this problem on their end) or something on your local machine that uses a weakness in FTP clients to write itself in hashed form into your templates or files when you do an upload.

                                                      Apparently, after a clean up and regular password changes, it doesn't re-occur - which is what happened in my case...
                                                      It was FTP.

                                                      My A/V finally caught onto it just now and went nutso.
                                                      The Fap Guide

                                                      Comment

                                                      Working...