iFrame

If your antivirus alerts you to an abnormal connection, or you receive a virus alert every time you browse your website, it is possible that iframe code has been inserted into your website. You can verify this with the view-source feature of your web browser.

[Image: Sample antivirus notification from avast! Scanner]

[Image: Sample iframe code in view source]

What is iframe?

IFrame (from inline frame) is an HTML element which makes it possible to embed another HTML document inside the main document.

URL: http://en.wikipedia.org/wiki/IFrame

How did your website get inserted with iframe?

The attackers (a third party) used automated tools to log in to the FTP account, searched all user account directories for index files (index.htm, index.html, index.php, index.asp, and so on), downloaded each index file, inserted the iframe code (usually at the beginning or the bottom of the file), and uploaded it to the same directory to replace the original index file.

This may happen because the FTP account has a weak password, or because a web application account is allowed to edit the files directly. In some cases, it appears that there may be security problems on the end user's computer.

What does it do?

  1. The iframe may take you to a malicious site that downloads malicious files onto your computer.
  2. It may attempt to use a vulnerability in the web browser to break into your computer.
  3. Possibly other attacks.

What should you do if your website has been inserted with iframe?

  1. Run a full scan on every computer that has the password stored.
  2. Change the FTP password to a strong password.
    URL: http://en.wikipedia.org/wiki/Password_strength
  3. Rename the hacked index file so that it is kept for further analysis.
  4. Clean up the index file by removing the iframe code.
  5. Review the application code, and update the applications to the latest version.
  6. Report it to us.
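
To find every affected index file before cleaning (steps 3 and 4), the following Python scanner is an added example, not part of the original article or of any hosting provider's tooling. It walks a web root, opens only the index files named above, and reports the line of each suspicious iframe. The three heuristics (external host, 0 or 1 pixel size, hidden by style), the `own_hosts` parameter, the function names and `SAMPLE` are assumptions made for illustration.

```python
import re
import sys
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Index file names the article lists as targets (index.htm, .html, .php, .asp).
INDEX_RE = re.compile(r"^index\.(html?|php|asp)$", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Constructed sample: a normal page with an iframe appended after </html>.
SAMPLE = ('<html>\n<body>\n<iframe src="/map.html" width="600"></iframe>\n</body>\n'
          '</html>\n<iframe src="http://bad.example.invalid/x" width="1" height="1"></iframe>\n')

class IframeFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # (line number, src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if host and host not in self.own_hosts:
            reasons.append("external src " + host)
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("0 or 1 pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def scan_text(text, own_hosts=()):
    finder = IframeFinder(own_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root, own_hosts=()):
    """Scan every index file under root; return {path: findings}."""
    files = (p for p in Path(root).rglob("*") if p.is_file() and INDEX_RE.match(p.name))
    hits = {str(p): scan_text(p.read_text(errors="replace"), own_hosts) for p in files}
    return {p: f for p, f in hits.items() if f}

if __name__ == "__main__":
    args = sys.argv[1:]
    print(scan_tree(args[0], args[1:]) if args else scan_text(SAMPLE))
```

Run it with the web root as the first argument and your own hostnames after it. Iframes written out by script code are not parsed as tags, so a clean result does not replace reviewing the file by hand.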

Best Practice

  1. Avoid weak passwords; always set strong passwords for your accounts.
  2. Keep your antivirus definition database up to date, and always scan your computers as a precaution.
  3. Use another protocol for file transfer, such as SFTP or SCP, so that the transfer over the network is encrypted.
  4. Always patch your computers' operating system and software, and update your applications to the latest version once the new version is released.