Websites infected with an IFRAME or malware script
IFRAME and java script based malware infections are growingly common these days. These infections normally occur either through leaked FTP passwords or machines infected with virus / malware that adds these lines of code on files uploaded. Most of the time, it is through a leaked FTP password obtained from an insecure system.
This hacked website is then used to further spread the attack when a visitor opens it and accesses the hidden iframe content. This is a growing issue and thousands of websites are infected almost on a daily basis through this method.
1. Keep your computer operating system up to date at all times. Always download available OS security updates at the earliest.
2. Do not use Internet Explorer to FTP your website. Use a seperate FTP program like Core FTP or WS_FTP
3. Avoid saving passwords in the browser, specially FTP passwords. Do not FTP from a public or insecure connection.
4. Change passwords frequently and set a strong alphanumeric password.
5. Install an antivirus and keep it updated. Avast is a good free antivirus program for home / personal use and can be downloaded from www.avast.com
6. Avoid suspicious websites
7. If you receive an email from an unknown person with an attachment do not open it.
Cleaning up after an infection:
1. Take your site offline and put up a maintenance page on your website to avoid getting it blacklisted by search engines.
2. Format and secure your machine with a reliable install disk or use a fresh installed, OS updated computer with an updated antivirus.
3. Change FTP and other related passwords.
4. Delete all files and upload clean content – verify that the files you are uploading are not infected by checking for unknown Java script or iframe code normally found near the body tag in the code and at the end of the file. If a backup copy is unavailable, check code of files on the server for the same and delete the malware lines of code.
5. Take steps listed in prevention above to avoid repetition of such issues.
Site is black-listed by google / firefox / chrome
1. Follow steps in Cleaning up after infection
2. Follow steps in Prevention
3. Verify that no malware is present in your website
4. Follow http://googlewebmastercentral.blogspot.com/2008/04/my-sites-been-hacked-now-what.html
Other related links