GoFuckYourself.com - Adult Webmaster Forum - View Single Post - IFrame Virus/Trojan experiences & question.. Please share yours

Ecchi22 · 06-20-2009, 01:42 AM

Few months ago, I had to deal with this problem..

Some weird piece of code affected almost all my sites on a shared hosting, but it happened on my dedicated too.

Somehow it injects code in .html and .php pages, usually ones with "index" and "home" names. Some antiviruses detects them, some aren't, but google stamps "warning" at your site which, you have to admit is pretty bad and decreases the traffic a lot (in my case, 6 times less traffic).

I tried to clean this code and update almost every CMS software I had on my host, but the problem was still occurring.
Contacted hosting support too, and they told me to change all my passwords (cpanel & ftp accounts). I've done that and everything seemed to be fine. Forgot to mention that I spent lots of time using google webmasters tools to request review after the cleanup.

Yesterday, I noticed this code being injected again. I cleaned it up, but I'm getting a bit worried now, so I'd like to stop it once forever (ok, at least for some time).

In order to isolate my side in this problem, I worked 2 months on newly installed linux machine with all new passwords for host, but some sites still got infected.

What's your experience about this and similar thingies? Is it hosting issue or something else? Any prevention tips?

06-20-2009, 01:42 AM
Ecchi22 Too lazy to set a custom title Industry Role: Join Date: Nov 2005 Posts: 10,012	IFrame Virus/Trojan experiences & question.. Please share yours Few months ago, I had to deal with this problem.. Some weird piece of code affected almost all my sites on a shared hosting, but it happened on my dedicated too. Somehow it injects code in .html and .php pages, usually ones with "index" and "home" names. Some antiviruses detects them, some aren't, but google stamps "warning" at your site which, you have to admit is pretty bad and decreases the traffic a lot (in my case, 6 times less traffic). I tried to clean this code and update almost every CMS software I had on my host, but the problem was still occurring. Contacted hosting support too, and they told me to change all my passwords (cpanel & ftp accounts). I've done that and everything seemed to be fine. Forgot to mention that I spent lots of time using google webmasters tools to request review after the cleanup. Yesterday, I noticed this code being injected again. I cleaned it up, but I'm getting a bit worried now, so I'd like to stop it once forever (ok, at least for some time). In order to isolate my side in this problem, I worked 2 months on newly installed linux machine with all new passwords for host, but some sites still got infected. What's your experience about this and similar thingies? Is it hosting issue or something else? Any prevention tips? __________________ Last edited by Ecchi22; 06-20-2009 at 01:43 AM..