iframe Hack – A Warning for readers and other bloggers

[2 Oct 2009 | By | 47 Comment(s) | 11,125 views ]

1571667746_1e97552541Dabbled got hacked a few weeks ago, and I just figured it out. So I’m passing on the warning to you guys.

First off, everyone should do regular spyware checks on your computer. Yes, even if you have a mac–in the forums I was reading there were mac users with these issues.  Yes, even though you already run a virus scan.   There are a bunch of programs out there, but I typically use Spybot Search & Destroy and AdAware. They are both free for personal use. And if you use IE I recommend switching to Firefox. The ad blocking and script blocking add-ons will save you headaches. Also, if you’re using version 8 or below of Acrobat Reader, upgrade to version 9.

Secondly, to my fellow bloggers – check your site and confirm that you haven’t been hacked as well. In my research today I found that this has been a pretty common hack recently, and it’s hidden so you don’t notice it — but you could be spewing icky links to Google or directing your users to malware without even knowing it. If you have a wordpress blog, check your index.php files. Mine all had an iframe to an icky site added to the end of them all. You can also use this site to see if you have hidden evil links: http://www.unmaskparasites.com/.

Note: This was NOT wordpress specific, although alot of WP sites have reported it.

I think I have it all cleaned up now, but my symptoms were:

  • some weird site slowness
  • 2 reports (over 2 weeks) of malware/virus warnings by readers
  • some odd Adobe acrobat errors that I got myself when on the site.

Like I said, not much is really visible, and most of it could be attributed to a flaky link or add in.

Once I got into troubleshooting this morning, I also found:

  • Every index.php file had been modified to include an iframe link at the end (even empty ones and ones in unused themes)  (I manually fixed most of these)
  • extra html files added (maybe index or default, can’t remember)  (deleted these)
  • Modifications to the base wordpress files (a clean install fixes these)
  • I couldn’t find any malware on my computer, but I did have a serious computer crash/issues a while back, which could have been malware related.

I think that was all I found.. hopefully that was the extent.  In addition to fixing the above, I changed ftp and website account passwords (especially since multiple sites under the same account were impacted), as well as WP admin passwords, downloaded several security plugins.

Eep! Hacked!

If you do have the iframe hack that I had (there have also been issues reported where malicious javascript was added, or malicious users or plugins, so check those too), you’ll need to clean it up.
First clean your own computer of malware, as directed above. You may also want to go deeper. If you’re using WordPress, you’ll need to reinstall WP, and manually clean up your wpcontent directory, and check every theme. Download fresh copies of your theme from the source, or edit the files manually. If you have a custom theme, manually delete any changes, or upload from backups. Disable plugins and either re-download or manually check.  In my case, all the bad stuff happened on a single date, so I just looked for file/folders with that date to check.   The database is also vulnerable, although I didn’t see any issues with mine.  One of the links below has a SQL statement you can run to check for some common issues.

If you’re running multiple sites, don’t forget to check them all.  I even had the issue show up on my test blog site.

You’ll want to change all your site related passwords, particularly your FTP password. Make sure you’re using a good password (numbers, letters, special characters, caps). You also want to notify your ISP that you’ve been hacked to see if they can check for anything you’ve missed.

Whew! Not me!

If you don’t currently have a virus, do take a few minutes RIGHT NOW (or asap) to download / backup your entire site. Life will be easier then if you are hit with one.  And if you’re running WordPress, upgrade to the latest version.  There were some security flaws in the previous (this wasn’t my issue, I was on the latest).

Anyway, since I’ve spent much of the day Thursday fixing this site, the Dabbled|Studios site, plus 2 client sites, I was less than productive with anything Halloween related, so sorry bout that.  But this counts as scary, right?? [Actually, stay tuned, your regularly scheduled Halloween Pumpkin Carving post will be up shortly!]

If this happens to you, here are some additional writeups to help, and google “iframe hack” for more information.  I’m sure I haven’t covered it all here, and i’m not a security expert by any means.

Resources in case you’ve been hacked:

http://wordpress.org/support/topic/281767
http://blog.unmaskparasites.com/2009/04/29/another-type-of-iframe-hack-php-exploit/
http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/
http://www.dnxpert.com/2009/07/24/cleaning-up-wordpress-iframe-hack/
http://www.spam-whackers.com/blog/2007/09/27/iframe-hack/
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://codex.wordpress.org/FAQ_My_site_was_hacked

WordPress Blog Security

Good luck!

*Photo credit: ‘MUHAHAHAHAHA – black and white’ was taken by chris runoff

iframe Hack – A Warning for readers and other bloggers
This entry was posted in website design and tagged , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. 11,125 views

47 Comment(s) »

  • HeatherM [] :

    Wow, that’s really awful!!

    Thanks for sharing all your tips for checking it.

  • Innovative updates [] :

    most of the user affected by iframe attack,, im also affected, for that i have analyzed lot how to protect and secure,, finally i got one solution check the below link this will much helpful for iframe attack protection,

    http://www.4tech.info/os-tweaks/what-to-do-if-you-find-malicious-iframes/

  • JonesPriscilla26 [] :

    Lots of specialists argue that loan aid people to live their own way, just because they can feel free to buy needed goods. Moreover, a lot of banks give secured loan for young and old people.

  • Best Online jobs [] :

    Hey There. I found your weblog the use of msn. This is an extremely smartly written article.

    I’ll be sure to bookmark it and come back to read more of your helpful information. Thanks
    for the post. I will definitely comeback.

  • surgical mistakes [] :

    From 2002 to 2006 sales jumped too ver $600
    billion. I’ve been to the neurosurgeon twice for x-rays and can see
    bone growth. And I looked up annd there was Mike and Roon [smiley face].

  • gta 5 pc full download [] :

    This is my first time pay a quick visit at here and i am in fact
    pleassant to read all at one place.

  • Game Temple Run 2 Mien Phi Cho Dien Thoai [] :

    Wonderful goods from you, man. I have take into account your stuff previous to and you are simply too wonderful.

    I really like what you’ve obtained here, certainly like what you
    are saying and the best way wherein you are saying it.
    You are making it enjoyable and you still care for
    to stay it sensible. I can not wait to read
    far more from you. That is really a terrific site.

  • Http://To.ly/BBGC [] :

    From this music scene Bling-bling developed, with the successful DJs and other hip
    hoppers and rappers wearing large flashy and ostentatious jewelry, like big neck pendants, bracelets, and gold
    chains. Most software program songs production requires a superb volume of speed
    to run appropriately. This fear of the homosexual
    is a result of what Adrianne Rich referred to as “compulsory heterosexuality”
    (Alexander).

  • Zane [] :

    This is very interesting, You are a very skilled blogger.

    I have joined your feed and look forward to seeking more of your magnificent post.
    Also, I’ve shared your web site in my social networks!

  • strona [] :

    Great post. I used to be checking constantly
    this blog and I’m inspired! Very helpful info specifically the closing phase :) I
    handle such information much. I used to be seeking this particular information for a
    long time. Thank you and best of luck.

  • agar.io [] :

    This is the most “natural” of any agar.io hack we’ve seen so
    far. Developer Matt Donovan has created an algorithm that can mathematically solve a game of
    agar.io by making the best possible move at any given time.
    There are several uses for this agar.io hack. The first and most
    obvious is just to automate an entire game and watch
    the computer play against itself. You’re 90% certain to see that coveted win screen (reproduced above), but it’s a hollow victory.

    You only clicked a button ; the rest was computer math and agar.io fun :)

  • ปั๊มไลค์ [] :

    I read this paragraph completely about the resemblance of most up-to-date and preceding technologies,
    it’s awesome article.

  • tampa florida painter [] :

    If you desire to increase your experience just keep visiting
    this website and be updated with the hottest information posted here.

  • tricyclesforkids.com [] :

    Aw, this was a very good post. Taking a few minutes and actual effort to create a very good
    article… but what can I say… I hesitate a
    lot and don’t seem to get anything done.

  • Free Games To Download For Android [] :

    Hi! I’m at work surfing around your blog from my new iphone 3gs!
    Just wanted to say I love reading through your blog and look forward to all your posts!
    Keep up the superb work!

  • app.box.com [] :

    It’s going to bee ending of mine day, except before end I am reading this enormous article to increase
    my experience.

  • fully wifi working hack 2015!. [] :

    Definitely believe that which you said. Your favorite justification appeared to be on the net the simplest thing to be aware of.
    I say to you, I certainly get irked while people consider worries that they plainly
    don’t know about. You managed to hit the nail upon the top as well as defined out
    the whole thing without having side effect , people can take a signal.
    Will likely be back to get more. Thanks

  • property For sale Barnet [] :

    It’s nearly impossible to findd knowledgeable people about this topic, however, you eem
    like you know what you’re talking about! Thanks

  • Online Franchise [] :

    I like the helpful info you provide in your articles. I’ll bookmark
    your weblog and check again here regularly. I am quite sure
    I will learn plenty of new stuff right here! Good luck for the next!

  • diamond Co Supply [] :

    Heya i’m for the first time here. I found this board and I find It really useful & it
    helped me out a lot. I hope to give something back and aid others like
    you aided me.:
    \

  • myfreeblack [] :

    If you may have to check in or call your spouse many times each and every
    day, then you just do it. A unique & magnificent wedding ceremony with an elegant wedding dress is undoubtedly a long-awaited dream for each girl.
    – 829 Telltale Signs, and publishes the Infidelity News and Views blog.

  • Photo Gallery Wrap Canvas [] :

    Visit inkdoodle.ca for 80% off Photo Canvases

  • estate agents in Totteridge [] :

    This is vesry interesting, You are a very skilled blogger.
    I have joined your feed aand look forward too seeking more of your wonderful post.
    Also, I’ve shared your website in my social
    networks!

  • Alcohol rehab New York [] :

    An outstanding share! I have just forwarded this onto a friend who was conducting a little research on this.

    And he in fact bought me dinner simply because I stumbled upon it for him…
    lol. So allow me to reword this…. Thank YOU for the
    meal!! But yeah, thanx for spending time to discuss this issue here on your blog.

  • steel beam hangers [] :

    Heya i am for the primary time here. I found this bosrd and
    I find It truly useful & it helped me out much. I am hoping to provide
    one thing back annd help others like you aided me.

  • ปั๊มไลค์ [] :

    Good information. Lucky me I recently found your site by accident (stumbleupon).

    I have book-marked it for later!

  • motivation [] :

    Wow, superb blog layout! How long have you been blogging for?
    you make blogging look easy. The overall look of your website is magnificent, let alone the content!

  • Jual Beli google cardboard VR Virtual Reality Indonesia murah original Premium high quality [] :

    I like the valuable info you provide in your articles.
    I will bookmark your blog and check again here regularly.
    I’m quite certain I will learn many new stuff right
    here! Best of luck for the next!

  • ปั๊มไลค์ [] :

    I am sure this paragraph has touched all the internet
    people, its really really nice post on building up new website.

  • Windows Phone Intelligent Game [] :

    I’m curious to find out what blog platform you happen to be using?
    I’m experiencing some small security problems with my latest website and I would like to find something more safeguarded.
    Do you have any solutions?

  • Windows Phone Puzzle Game [] :

    Fabulous, what a web site it is! This weblog provides useful facts to us, keep it up.

  • iPhone Puzzle Game [] :

    Hi my family member! I want to say that this article is awesome, great written and come with
    approximately all significant infos. I would like to see more posts like this .

  • WWE Immortals Hack Android iOS Cheats - Download [] :

    JBL furieux, arrive en trombe dans le bureau de Theodore
    Long, pour lui demander de faire quelque chose avec The Boogeyman.

  • Bdsm And Vod [] :

    Ɍemarkable! Its in fɑct remarkable piece of writing, I hae ɡot mսch cleaг idea about fгom
    this post.

  • badoo premium hack [] :

    They said that it might just be on hold, for when the free trial
    does end and told me to wait 10 days and then ring the bank again.

  • teen orgasm [] :

    These are actually wonderful ideas in concerning blogging.

    You have touched some nice points here. Any way keep up wrinting.

  • boom beach hack android root [] :

    Additional information, the game is being updated daily and there are wonderful additions to what you can do.
    Also the bugs have been fixed, and users are actually becoming more and more, so this is your chance to be one of the
    best online y acting fast.

  • agar.io cheats [] :

    I think the admin of this web page is truly working hard in favor of his website, as
    here every data is quality based material.

  • agar.io hack [] :

    Oh my goodness! Incredible article dude! Thank you, However I am going through issues with your
    RSS. I don’t know the reason why I can’t join it. Is there anybody getting identical RSS
    issues? Anyone who knows the solution can you kindly
    respond? Thanx!!

  • quiente [] :

    Hello my loved one! I want to say that this post is amazing, nice written and include approximately all
    important infos. I’d like to see extra posts like this .

  • packing and moving [] :

    Hello to every body, it’s my first visit of this weblog;
    this weblog carries amazing and actually good
    information in support of readers.

  • Naomi [] :

    This piece of writing will help the internet visitors for building up new weblog or even a blog from start to end.

  • Slider [] :

    It is not my first time to visit this site, i am browsing this web site dailly and obtain pleasant data from here daily.

  • flippantey279.livejournal.com [] :

    A person necessarily help to maake seriously posts I might state.
    Thhat is thhe very first time I frequented your weeb page and thus far?
    I amazed with the analysis you made to make this particular publish extraordinary.
    Wonderful process!

  • Angle Bracket [] :

    What’s Goiing down i am new to this, I stumbled upon this I
    have discovered It positively helpful and it has aieed me out loads.
    I am hoping to contribute & assist different customers like its helped
    me. Good job.

  • Despicable Me Hack [] :

    I am really impressed with your writing skills as well as with the layout on your blog.
    Is this a paid theme or did you modify it yourself?
    Either way keep up the nice quality writing, it’s rare to see a great blog like this one these
    days.

  • http://haydaytool.pw [] :

    Quality articles or reviews is the key to be
    a focus for the people to visit the web site, that’s what this website is
    providing.