Newbiesite Blog Newbiesite Blog

October 22, 2009

How to prevent iframe attacks

Filed under: General — Newbiesite Admin @ 7:01 am

<meta name="GENERATOR" content=" 1.1.5 (Linux)" /><meta name="CREATED" content="20091022;17290400" /><meta name="CHANGED" content="16010101;0" /> </p> <style> <!-- @page { size: 8.27in 11.69in; margin: 0.79in } P { margin-bottom: 0.08in } --> </style> <p style="margin-bottom: 0in">How to prevent iframe attacks?</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">IFrame Injection Attack is one of the most common and most basic cross site scripting attacks.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">The HTML iFame tag allow authors to insert a frame inside a document. It is used to embed content from another page or site. Like all useful things, iFrame tags can be used for good or for bad.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">An iframe attack is an injection of one or more iframe tags into a page’s content. The iframe typically does something bad, such as downloading an executable application that contains a virus or worm in it, something that compromises a visitor’s system.<span id="more-21"></span></p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">Typically, all index.* files are infected with a piece of code that loads a hidden iframe in the page. Following are some examples which can be affected:</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">index.htm</p> <p style="margin-bottom: 0in">index.html</p> <p style="margin-bottom: 0in">index.shtml</p> <p style="margin-bottom: 0in">index.php</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">Usually, these type of attack affected to the sites by accessing their site’s username/passwords. The worm resides in some/any of the client side PCs you use for accessing the ftp/control panel accounts of your hosting server. When you type in the username and password for the ftp/control panel account, the worm silently reads the credentials, accesses your ftp account and infects the files in the server. It adds the iframe code to all index.* files.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">If you find the site infected with iframe attack, replace it with a fresh clean backup copy. Or download all your files from the server and check for infections. Clean the infected files and upload the clean content.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">You must remove the malware from your local machine using some antivirus software. AVG sees it as “Trojan Horse Down loader” and NOD32 sees it as “JS/Kryptik.B trojan”.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">How these type of attack affect search engine rankings?</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">Google will mark your site in it’s search results with a warning: “This site may harm your computer”. Note that if the security of your website is compromised, it can affect the search engine rankings of the website. Besides, it may pave way for more sophisticated attacks.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">Yo can check with Google to see if your site is listed as suspicious. You can do this by using the following link (give the url of your site instead of yourdomain_name):</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in"></p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">How can I recover from iframe attacks?</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">1 Change all the passwords immediately after an attack has been detected. You need to change all the passwords associated with the website; which include ftp passwords, ssh passwords, account passwords, database passwords, admin passwords and so on.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">2 Change the file/folder permissions in your account to the maximum secure mode.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">3 Upgrade your application used in site to latest stable version.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">4 Notify your web host about the attack and advice them to take measures against a possible server wide attack.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">5 Using a good antivirus software, scan and clean every PC you use for logging into your hosting server.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">6 Use 100% reliable ftp like fireftp (you can get it infirefox addons for free). Keep scan your site everyday for some days. Don’t keep your password and username in your ftp software.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">7 Never use public computers to access your server.</p> <div class="mr_social_sharing_wrapper"> <!-- Social Sharing Toolkit v2.2 --><span class="mr_social_sharing"><fb:share-button type="button" href=""></fb:share-button></span><span class="mr_social_sharing"><div class="g-plusone" data-size="medium" data-annotation="none" data-href=""></div></span><span class="mr_social_sharing"><script type="IN/Share" data-url=""></script></span><span class="mr_social_sharing"><a href="" class="pin-it-button" count-layout="none"><img border="0" src="//" title="Pin It" /></a></span><span class="mr_social_sharing"><a href="" class="twitter-share-button" data-count="none" data-url="" data-text="How to prevent iframe attacks"></a></span><span class="mr_social_sharing"><span style="display: inline-block; width: 51px; height: 21px; overflow: hidden;"><div class="fb-like" data-href="" data-send="false" data-width="51" data-show-faces="false"></div></span></span><span class="mr_social_sharing"><a rel="nofollow" class="linksalpha_button linksalpha_link" href="//" data-url="" data-text="How to prevent iframe attacks" data-desc="How to prevent iframe attacks? IFrame Injection Attack is one of the most common and most basic cross site scripting attacks. The HTML iFame tag allow authors to insert a frame inside a document. It is used to embed content from another page or site. Like all useful things, iFrame tags can be used" data-image="" data-button=""> <img src="//" alt="Share" class="linksalpha_image" /> </a><script type="text/javascript" src="//"></script></span></div> </div> <div class="feedback"> <a href="">Comments (0)</a> </div> </div> <h2 id="comments">No Comments <a href="#postcomment" title="Leave a comment">»</a> </h2> <p>No comments yet.</p> <p><a href=""><abbr title="Really Simple Syndication">RSS</abbr> feed for comments on this post.</a> <a href="" rel="trackback">TrackBack <abbr title="Universal Resource Locator">URL</abbr></a> </p> <h2 id="postcomment">Leave a comment</h2> <p>You must be <a href="">logged in</a> to post a comment.</p> <!-- begin footer --> </div> <!-- begin sidebar --> <div id="menu"> <ul> <li class="pagenav">Pages:<ul><li class="page_item page-item-2"><a href="">About</a></li> </ul></li> <li id="linkcat-11" class="linkcat">Blogroll <ul class='xoxo blogroll'> <li><a href="" title="Affordable web design and programming" target="_blank">Armia systems, Inc</a></li> <li><a href="" title="Backup your data to online servers or your own computer for free" target="_blank">Free data backup</a></li> <li><a href="" title="Get free and commercial web software for your web site" target="_blank">Web Scripts</a></li> <li><a href="" title="Create professional looking websites in minutes without any html knowledge" target="_blank">WebSite Builder</a></li> </ul> </li> <li class="categories">Categories:<ul> <li class="cat-item cat-item-6"><a href="" >Bandwidth</a> </li> <li class="cat-item cat-item-9"><a href="" >Customer Support</a> </li> <li class="cat-item cat-item-8"><a href="" >Domain Safety</a> </li> <li class="cat-item cat-item-10"><a href="" >Domains</a> </li> <li class="cat-item cat-item-3"><a href="" title="These are the details of Newbiesite features and functionalities to make your life little easier. You should be knowing these already. But if you don't here it is..">Features</a> </li> <li class="cat-item cat-item-1"><a href="" title="Things that does not fall under anything else. ">General</a> </li> <li class="cat-item cat-item-2"><a href="" title="New to this web thing? NewbieSite can guide you through the maze with overwelming you. Here are some topics you might find useful to realize the full potential of your web presence">How to</a> </li> <li class="cat-item cat-item-7"><a href="" >Spam</a> </li> <li class="cat-item cat-item-5"><a href="" >Web Hosting</a> </li> </ul></li> <li id="search"> <label for="s">Search:</label> <form id="searchform" method="get" action=""> <div> <input type="text" name="s" id="s" size="15" /><br /> <input type="submit" value="Search" /> </div> </form> </li> <li id="archives">Archives: <ul> <li><a href=''>November 2013</a></li> <li><a href=''>March 2013</a></li> <li><a href=''>October 2012</a></li> <li><a href=''>January 2010</a></li> <li><a href=''>December 2009</a></li> <li><a href=''>October 2009</a></li> <li><a href=''>September 2009</a></li> <li><a href=''>July 2008</a></li> <li><a href=''>July 2007</a></li> <li><a href=''>June 2007</a></li> <li><a href=''>April 2007</a></li> <li><a href=''>November 2006</a></li> <li><a href=''>October 2006</a></li> <li><a href=''>August 2006</a></li> <li><a href=''>July 2006</a></li> </ul> </li> <li id="meta">Meta: <ul> <li><a href="">Log in</a></li> <li><a href="" title="Syndicate this site using RSS"><abbr title="Really Simple Syndication">RSS</abbr></a></li> <li><a href="" title="The latest comments to all posts in RSS">Comments <abbr title="Really Simple Syndication">RSS</abbr></a></li> <li><a href="" title="This page validates as XHTML 1.0 Transitional">Valid <abbr title="eXtensible HyperText Markup Language">XHTML</abbr></a></li> <li><a href=""><abbr title="XHTML Friends Network">XFN</abbr></a></li> <li><a href="" title="Powered by WordPress, state-of-the-art semantic personal publishing platform."><abbr title="WordPress">WP</abbr></a></li> </ul> </li> </ul> </div> <!-- end sidebar --> <p class="credit"><!--40 queries. 0.394 seconds. --> <cite>Powered by <a href='' title='Powered by WordPress, state-of-the-art semantic personal publishing platform.'><strong>WordPress</strong></a></cite></p> </div> <!-- Powered by WPtouch: 4.3.23 --><script type='text/javascript' src=''></script> </body> </html>