We've noticed some web sites have been infected with a new virus. Here is some advice for those whose sites have been infected:
The mode of infection seems to be to insert a small <iframe> at the top of the <body> section.
It may look something similar to this,
<iframe src="http://[url]" width=125 height=125 style="visibility: hidden"></iframe>
It appears that it is getting in via FTP details - obtained by a virus/malware on your computer.
This means you will have to do the following;
1) Contact everyone with FTP access to your site and get them to remove any data referencing the UserName/Password.
That includes removing any "stored" or "saved" info in programs such as SmartFTP/FileZilla etc.
They should have to manually type the UN/PW every time they connect.
2) Contact your host and ask if they can do the following, or do it by yourself;
Immediately change the FTP Access.
Provide a 503 response and a message stating the site is receiving Maintenance
Use a Backup to restore the site to working conditions
If No Backup is available - then you may need to search through All Files for "iframe" and carefully remove any reference of such that are found. Further - seriously consider making Backups in future (keep 3 at a time). Infected files are index.*, home.*, main.* as usual.
3) Get everyone who had FTP details to Scan/Clean their system.
Programs such as MalwareBytes, AVGFree, SpyBotSearch and Destroy etc. are ALL worth having on any system.
You should also look into obtaining a REAL Firewall (do NOT rely on the Windows one!).
Only permit programs you know to pass through the Firewall.
Source: http://www.google.com/support/forum/p/Webmasters/thread?tid=0cdb473d121b6895&hl=en
but a security problem on your computer
wondering why it took 5 months almost to the day for it to become a concern for the community and boonex?
http://www.boonex.com/unity/forums/topic/Dolphin-or-Server-Hacked-.htm
Regards,
DosDawg
The real stuff that keeps away this infection is chmoding all index.php and index.html files with chmod444, this way the virus won't be able to write anything on your file. I tryed that and it really works. Give it a try and you'll thank me later, i assure you all! see more
And yes, i use SmartFTP to manage my websites and Dreamweaver CS4.
Solution 1: Search in ALL of your files starting with INDEX.HTML , INDEX.PHP , DEFAULT.PHP , HOME.PHP and MAIN.PHP . Even if your page is called index_something.php or default_something.php see more
yeah i gave up my conspiracy theorist hat long ago. this has nothing to do with dolphin. this is an age old hack that has been brought back to life. iframes in my lifetime were wearing us with postnuke, wordpress, b2evo, phpnuke, drupal, and many more of the more popular cms' releases.
If you are using an unsecured FTP client, you are in danger of exposing your passwords to hackers because the passwords are passed between your FTP client and your website in plain text. Use a program like WinSCP, or a FTP client that allows you to connect to your site using SFTP, see more
where are those rm -r keys?
1. If Dolphin code has security holes that allow malicious code insertion, or that allow remote fetching of data that gives access for the same, then this is a Dolphin issue, and any other data insertions will also be Dolphin issues; not separate issues, just the one bug that allows insertions.
2. Then again, if Dolphin see more
Regards,
DosDawg
http://www.google.com/support/forum/p/Webmasters/thread?tid=0cdb473d121b6895&hl=en
Please respect the author and credit your sources. It's good for him, it's good for people looking for more information, and it's good for one's own reputation.
(For example, the source post has pertinent information on scanning your entire site for other infected files, along with notes on other see more
Regards,
DosDawg
If you are using an unsecured FTP client, you are in danger of exposing your passwords to hackers because the passwords are passed between your FTP client and your website in plain text. Use a program like WinSCP, or a FTP client that allows you to connect to your site using SFTP, see more
@CodeSatori
YOU are right, the solution was found in Google, and it's see more
How true this is. If people would take the time to learn how things work, they would be less frustrated all of the time.
I went mad when i found out that i have to clean my site from another iframe injections. This time were less files infected and easier after i found the easy way to get rid of this shit. Yes, i say it again SHIT :)
Assuming you followed the instructions i posted previously on this blog, you guys, instead of removing the iframe code one by one from your files, use the following steps:
1. Use the "Find & Replace" feature, see more
Is there is any automated way to remove from code should we remove manually.. from the code ?
Thanks,
Omi