09.07.2008

Malicious iframe codes and methods to delete them

When viewing the site code, mainly the index page, you may find that the code now contains a link to a site hosting a Trojan, in the following form:

<iframe src="some_url">   // some_url - link to a site with a trojan

It also happens that such a link is encoded, usually in base64.

So, when a visitor opens such a page, a Trojan is loaded automatically and tries to infect the visitor's computer. Who is to blame, and how do you deal with this problem?

Users who encounter this problem usually blame the hoster, but in 99.9% of cases the problem arises because the webmaster, or someone else who has the passwords for FTP access to the hosting, is infected with a Trojan that searches for saved passwords in the most common FTP clients (often Total Commander) and mail clients (often Outlook-like) and sends them to a special host on the Internet. In 90% of cases, infection occurs through vulnerabilities in Internet Explorer and Outlook. Using the FTP access stolen by the Trojan, special programs modify the site by adding the malicious iframe code described above to many pages. Index pages (index.html, index.php, etc.) are infected most often, but sometimes all files with certain extensions are infected as well.

How to deal with this problem, if it has already arisen?

First of all, you and everyone who has access to change your site need to check your computers for viruses using an antivirus with up-to-date databases, and not with just one antivirus but with several from different manufacturers. Only after the computers are completely clean should you change all hosting passwords: FTP access, control panel, etc. Only after you have done all this should you clean all malicious iframe links from the site code; then they will no longer appear. But if you did not find the viruses that stole your passwords, the new passwords will be stolen very quickly and malicious iframe links will be inserted again. Likewise, if you do not change all the passwords, malicious iframes will be inserted again using the stolen FTP access. Keep this in mind!
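An added example, not part of the original article: a small Python scanner that can be run over a downloaded copy of the site to list files containing iframes that point to external hosts, including iframes hidden inside base64 strings. The function names, the extension list and the allow-list parameter are assumptions made for this illustration.

```python
import base64
import re
from pathlib import Path
from urllib.parse import urlsplit

# Extensions to scan; the article names index.html and index.php as usual targets.
EXTENSIONS = {".html", ".htm", ".php", ".js"}
IFRAME_RE = re.compile(r"<iframe\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
# Runs of base64 characters long enough to hide an encoded iframe tag.
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}")


def is_external(src, allowed_hosts):
    """True if src points at a host that is not on the allow-list."""
    try:
        host = urlsplit(src).hostname
    except ValueError:
        return True  # unparsable URL: report it for manual review
    return host is not None and host not in allowed_hosts


def find_iframes(text, allowed_hosts=frozenset()):
    """Return (kind, src) for each iframe, plain or base64-encoded, to review."""
    hits = [("plain", src) for src in IFRAME_RE.findall(text)]
    for blob in B64_RE.findall(text):
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4))
        except ValueError:
            continue  # not valid base64 after all
        decoded = raw.decode("latin-1")
        hits += [("base64", src) for src in IFRAME_RE.findall(decoded)]
    return [(kind, src) for kind, src in hits if is_external(src, allowed_hosts)]


def scan_site(root, allowed_hosts=frozenset()):
    """Map each file under root that contains a suspect iframe to its findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_iframes(text, allowed_hosts)
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    # Constructed sample: one plain and one base64-encoded iframe in a PHP page.
    tag = '<iframe src="http://bad.example/t.html" width=0 height=0></iframe>'
    page = ('<iframe src="http://evil.example/in.php"></iframe>'
            '<?php echo base64_decode("%s"); ?>' % base64.b64encode(tag.encode()).decode())
    print(find_iframes(page))
```

Iframes with a relative src are treated as part of the site and skipped; pass the hosts you embed on purpose (lowercase) as allowed_hosts so that only unexpected ones are reported.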

How to prevent such problems?

To prevent such problems, it is best not to use Windows systems for work; then your passwords simply cannot be stolen this way, since these viruses mainly target Windows systems. But this is a very radical method and will not suit many people. You can, however, greatly reduce the likelihood of the problem: do not use Internet Explorer and Outlook at all, as they are potentially vulnerable; do not save FTP passwords in client programs such as Total Commander; and update Windows and your antivirus software in a timely manner, since password-stealing viruses mainly exploit vulnerabilities in the Windows operating system.
