• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Recommended Providers

Fully Managed WordPress Hosting
lc_banner_leadgen_3
Fully Managed WordPress Hosting

WordPress Theme

Divi WordPress Theme
WPZOOM

Forum Membership

Forum Membership

IFRAME hack :: cPanel/WHM

Started by scott, December 05, 2007, 06:52:32 PM

scott

Hello,

One of my site has been attacked with iframe code. iframe code has been added at the end of each index page (index.php,index.htm,index.html). Any help regarding how to prevent such attack would be appreciate.

Thanks,

Scott

Mike

#1
Generally, the index page hacked with iframe code through insecure FTP/cPanel password or the system gets infected with the virus or worm from which you are managing the site. However, in case it is found the such hacking happened server wide, your hosting provider has to fix security breaches on the server. They can use custom mod_security rules to prevent such type of hacking attempt.

You can also refer the cPanel forum post regarding this issue:

http://forums.cpanel.net/showthread.php?t=62821

Thanks,

Mike

Andrew

#2
Hi,

I have read the post at cPanel forum regarding iframe hack. But it is difficult to tell the root cause of the issue. However, I have separated the few points from cPanel thread for this iframe/JavaScript hacking issues:

- This issue has been faced on the many servers running on different web hosting control panels like PLESK, ENSIM, CPANEL etc. So the issue is not specific to CPANEL.
- In most case, the code has been added via FTP. Hence, there might be some security breach in FTP or the Operating system.
- Other possible reason behind such hacking is the weak FTP password.
- There are some exploited or outdated scripts installed on the domains. Due to that hackers may upload some files to the server and get the access.

Above are the possible reasons for iframe/JavaScript hacking. I will post some more reasons as soon as I find them

Regards,
 
Andrew

Kailash

This issue is still unresolved and I think still no one has found the root caused of this problem. But the common thing is that such codes are added via FTP. They download the files, add the code in the page and upload the files again. It is yet find the cause how they get the password of the accounts even if we set strong password.

Kailash