Remember Me
forgot your password?

Quick Reference Links To Fight Iframe Injections

Posted: Nov 11th, 2009 | Comments: 0 | Views: 16 | Bookmark and Share
Syndicate this Article

I have had many requests from people reading my articles on combatting iframe injection attacks, which you can find at http://websiteprotection.blogspot.com, to create a quick start guide with the various links one can use to detect and recover from iframe injection attacks.

These links are just a quick summary and you should read the full articles to get the maximum benifits.

CHECKING TO SEE IF YOUR WEBSITE IS SAFE

a) http://www.google.com/safebrowsing/diagnostic?site=http://yourdomain_name

Copy and paste the above link into your browser and then replace "yourdomain_name" with your actual website name, e.g. websiteprotection.net

b) http://www.unmaskparasites.com/

Enter your URL to test for malicious iframes

IFRAME SCANNERS

a) http://www.diovo.com/wp-content/uploads/2009/04/clean.php.txt

Download the script and then using notepad editor, you need to change the following line in the script:

$webpath ="Type your domain name here. Eg:http://www.diovo.com/"
which becomes:
$webpath ="http://www.yourdomain_name/
Where "yourdomain_name" is replaced with your actual domain name.
Upload to your root directory.

Test URL is:
http://www.yourdomain_name/clean.php?s=index.php&c=iframe
where:
s=webpage.ext

b) http://www.websanity.co.uk/blog/2009/08/scan-website-files-for-iframe-injection.html

Download the script and using notepad editor, change the following lines in the script as required:
define('IGNORE_EXTENSIONS',"jpg pdf zip psd doc gif swf xls"); // Ignore files of these types
define("IGNORE_BEFORE", strtotime('2009-08-01') );

c) Auto Scanner Scheduler: http://www.splinterware.com

FILE PERMISSIONS

CHMOD 444 to prevent writing to web page

IFRAME DE-OBFUSCATORS

a) http://www.novirusthanks.org/javascript-deobfuscator.html

b) http://www.patzcatz.com/unescape.htm

c) http://www.strictly-software.com/unpack-javascript.aspx

IFRAME UNPACKERS

a) http://matthewfl.com/unPacker.html

b) http://blog.shimazu.org/utils/packer_decoder.html

c) http://www.strictly-software.com/unpack-javascript.aspx

IFRAME PACKER

For those who want to see how packing is done with a javascript packer.
Make sure to check the "Base62 encode" box or else it will not work.

http://dean.edwards.name/packer

You should use this quick guide only after you have read all related iframe injection articles.

Don't forget that not all iframes are bad. Be sure before you delete.

Joseph Schembri

Joseph Schembri has written many ebooks that are practical, easy, but thorough with step by step advice on website security protection and internet niche marketing. They are written in a language that you can understand with all the extra nice to have stuff stripped away.
http://www.schembrionics.com
http://www.websiteprotection.net
http://www.nichemarketingsecrets.net

Rate this Article: 0 / 5 stars - 0 vote(s)
Print Email Re-Publish

Add new Comment

Captcha

  • Latest Web Design Articles
  • More from Joseph Schembri

Effective Website Design

By: MiNeeds | 21/11/2009
Before starting on how to design a website effectively, how about clearing some basic web design concepts? Refer my previous article Web Design Basics

Web Design Basics

By: MiNeeds | 21/11/2009
You have a flourishing business – everything is in its place. You just miss one important piece of marketing: an Internet Presence a website. Like everything in business, getting a website needs planning. Getting an effective website needs even more planning

Flash Website Design: The Smartest Choice

By: Arun Kumar | 21/11/2009
For those who want to have their own Flash websites, there must have been many words of advice and even a slew of misleading information that came their way. While many say Flash is a web development and design platform that slows down web crawlability in search engines, for the rest it’s one of the best animation and graphic design programs the world has ever seen.

How does a web development company get you more business?

By: Pradeep Shukla | 21/11/2009
If you have just started your business or are looking for new ways to popularize it across the globe then it is necessary that to have a company website.

Five Website Redesign Steps to Follow, in Order to Achieve Website Redesign Success

By: Nicole McCullum | 20/11/2009
Achieving a successful website presence that deliver the results you seek, is never just about how “pretty” your website looks, it’s also about how well it performs and how useful your website is to your visitors. In order to achieve success with your website redesign here are five steps to follow.

What’s the Difference?

By: Andy Crestodina | 20/11/2009
Any company that has looked into getting a new website will tell you that the price range can be enormous… A few thousand dollars? Ten thousand? Fifty thousand? More? When prices range from three-figures to six-figures, how do you identify the difference between discount web design and custom, high-end web design; besides trying to use price as a gauge?

Implementin HTML 5: A World (Wide Web) Improved

By: Tucker | 20/11/2009
HTML 5 is the newest version of HTML. Its still being revised and re-worked for a mainstream environment. Learn about why HTML 5 is such an advancement from HTML 4.

How To Build A successful Hosting Company

By: durgesh02 | 20/11/2009
There are a couple of key things to look at when starting a hosting company. Basically there are four major factors to look at provided you have the servers, and technical abilities. 1. Site design is the first thing a prospective customer sees I have seen some horrible designs for hosting companies. If you think putting some text, links and a logo on a page is enough, you will likely fail before you even realize.

New Malicious iFrame Injection - Mal/Iframe-N

By: Joseph Schembri | 09/11/2009 | Web Design
The Mal/Iframe-N appears to be the latest malicious iframe injection attack on websites. Since releasing detection for Mal/Iframe-N, SophosLabs have seen a rising number of detections. Detections are now into the thousands of websites affected by this threat. Some of the sites hit are also well known.

More On Hidden Malicious Iframe Injections

By: Joseph Schembri | 08/11/2009 | Web Design
To hide iframes in the HTML, hackers use obfuscated scripts. Apart from obfuscated scripts, hackers are now also using what is called packed javascripts. Packing javascripts is a good thing as it improves delivery and optimization. But, as always, these legitimate things can be used in a bad way to hide and insert malicious unreadable iframes into your web page. When you check the HTML code of such web pages you don’t see any iframes, just some JavaScript with unclear purpose.

Obfuscated iFrame Injection Attacks

By: Joseph Schembri | 01/11/2009 | Web Design
Compromised websites can be infected with hidden iframes and/or with obfuscated (escaped) javascript code. Obfuscation is the concealment of meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret. It is basically a form of encryption.

Using File Permissions To Combat iFrame Injections

By: Joseph Schembri | 21/10/2009 | Web Design
Most website file permissions are CHMOD 644. Since iframe injections attack your index.* web pages, the CHMOD 644 may not be enough to protect them. CHMOD 644 gives you, the user, all read, write and execute permissions and everybody else only read and execute permissions. You would think that this should be enough to prevent an iframe injection. Unfortunately, it is not.

Measures to Prevent and Detect iFrame Injection Attacks

By: Joseph Schembri | 14/10/2009 | Web Design
If you have suffered an iframe injection attack you need to act fast. If the security of your website is compromised, it can affect the search engine rankings of your website. Besides, it may pave way for more sophisticated attacks. Google will mark your site in it's search results with a warning: "This site may harm your computer". Your traffic will go down to zero.

How To Submit Your Blogger Blog To Search Engines

By: Joseph Schembri | 11/10/2009 | SEO
How to submit your Blogger Blog to the major search engines in the same way as done with websites. Learn how to do a complete submission rather than just submit a URL that would have an unkown time for indexing, being added to the search engine directory.

Website Protection Using The Index Page

By: Joseph Schembri | 09/10/2009 | Web Design
The other directories(sub-folders) on your website, the ones below your root directory, which is typically called "public", or "public_html", do not normally have an index page. If the index page is not there, your visitor may be able to view every web page or file you have in that directory. A folder without an index page is open and everyone can find your product if they search for it. You thus should create an index page for all your folders.

Submit Your Articles Free: Signup
Joseph Schembri Joseph Schembri has 14 articles online.
Contact Author
Subscribe to RSS

Print article
Publish this Article
Send to friend
Article Categories



Need Help?
Contact Us
FAQ
Submit Articles
Editorial Guidelines
Blog
Site Links
Recent Articles
Top Authors
Top Articles
Find Articles
Site Map
Webmasters
Partner with Us
RSS Builder
RSS
Link to Us
Business Info
Advertising
Article Writing
Partner with Us

Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved. (0.20, 2, w1)