This year, there has been a large increase in the number of legitimate websites infected by a so-called “iframe” threat – a type of malicious script.
Several prominent websites have come under attack from hackers who have modified the underlying code so that malware can be distributed to unsuspecting users who visit the site. When a user visits an infected site, an invisible connection is established to a remote server, which can then attempt to install malware on the user’s computer. The intention could be to generate spam, or possibly something more sinister, such as stealing personal information e.g. bank account or credit card details.
(The above text is taken from the Avast newsletter.)
How does an iframe attack happen?
Iframes are inserted into a website's files through FTP. Developers and webmasters commonly save the FTP password in their FTP client programs (CuteFTP, FileZilla, etc.). If that system is infected with a virus or other malware, the saved FTP password is taken and emailed to the hackers (who created the virus or malware in order to get the FTP details of websites). Once the hackers have the FTP password, an automated system inserts the iframe into the website's files over FTP. Once the iframes are in place, users who browse the infected website get their own systems infected with the malware or virus. Users running a good antivirus program may get a warning that the server is infected.
What can I do if my system is infected?
I did not find any antivirus program that will detect the virus or malware. I think the best idea is to format the system and reinstall everything rather than take the risk. Also, enable the firewall on the system after installing the OS.
What security methods can be used to prevent this kind of iframe attack?
Since the iframe attack happens through the FTP password, our first attention should go to securing the FTP server. Instead of using normal FTP, use SFTP; this can help us to an extent. The best idea is also to allow FTP access from allowed IPs only. This can be done using either software or hardware firewalls. Since a hardware firewall is expensive, we can consider software firewalls. For the Windows IIS FTP service, we can deny all IPs except the allowed IPs. For Linux, this can be done using iptables (http://www.hellosystemadmin.com/restrict-ftp-access-using-iptables/). These tasks can be done by an administrator only, so this is not a fast method when FTP users have dynamic IP addresses. So we need to think about creating scripts (PHP, VB, shell) which can be used by all users. For example, on a Linux server we can create a PHP script which uses the iptables command to add the user's IP to the firewall. I suggest a simple algorithm for this task:
Create a MySQL database with two tables, ‘users’ and ‘rules’. The ‘users’ table holds the customer ID and password. The second table should include CustomerID, IPAddress and Status (you can add any other fields according to your convenience). Now we need to create a PHP script which calls the iptables command to add the firewall rule. The following is a sample rule:
iptables -I INPUT -s XXX.XXX.XXX.XXX -d 0.0.0.0/0 -p tcp -m tcp --dport 21 -j ACCEPT
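In the above command, we can pass the IP address and Status as PHP variables. Because iptables runs with root privileges, the script must validate the IP address and escape every argument before the command is executed.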
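One way to build that rule from PHP variables, as an added example that is not part of the original post. The constants `IPTABLES` and `DRY_RUN`, the function names, and the mapping of Status to insert/delete are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);
// Added example, not from the original post. IPTABLES, DRY_RUN and both
// function names are assumptions made for this illustration.
const IPTABLES = '/sbin/iptables'; // assumed install path
const DRY_RUN  = true;             // true: return the command without running it

// Build the argument list for the post's rule. $enabled stands in for the
// Status column: true inserts the rule (-I), false deletes it (-D).
function ftp_rule_argv(string $ip, bool $enabled): array
{
    // Accept exactly one dotted-quad IPv4 address; anything else is refused
    // before it can get near a command line.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException('not an IPv4 address');
    }
    return [IPTABLES, $enabled ? '-I' : '-D', 'INPUT', '-s', $ip,
            '-d', '0.0.0.0/0', '-p', 'tcp', '-m', 'tcp',
            '--dport', '21', '-j', 'ACCEPT'];
}

function apply_ftp_rule(string $ip, bool $enabled): string
{
    // Escape every argument as defence in depth on top of the validation.
    $cmd = implode(' ', array_map('escapeshellarg', ftp_rule_argv($ip, $enabled)));
    if (!DRY_RUN) {
        exec($cmd, $output, $status); // needs root (e.g. a narrow sudo rule)
        if ($status !== 0) {
            throw new RuntimeException("iptables exited with status $status");
        }
    }
    return $cmd;
}

// Constructed sample values. In the real script the address would come from
// $_SERVER['REMOTE_ADDR'] after the login check against the 'users' table.
foreach (['203.0.113.7', '203.0.113.7; id', '999.1.1.1', ''] as $candidate) {
    try {
        echo apply_ftp_rule($candidate, true), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($candidate, true), PHP_EOL;
    }
}
```

Only the first sample value produces a command; the other three are rejected by the validation step and never reach `escapeshellarg` or `exec`.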
November 28th, 2009
Aneesh

Wonderful.
Thanks for the information. What can we do if my system is infected?
Thanks
Geoffrey
You need to immediately change your FTP password. Now download all files and clean all files and make sure that they are free from bad code.
While I believe this is truly good info I am not sure if it is for me
There has not been a virus attack lately. Is antivirus firewall severity overrated?
There has not been a malware damage lately. Is antivirus firewall threat overrated?
You need to manually clean all files by editing each file and removing the bad code.
You made some Good points there. I did a search on the topic and found most people will agree.
Title…
Very interesting post. I would like to link back to it….
Thanks for this useful information.
Hey, I just received a popup from my firewall when I opened your page. Do you happen to know why this occurred? Could it be from your ads or something? Thanks, really strange, I hope it was harmless?
Dear Abdul,
There’s nothing bad in this site. We have added Google ads to the site, and these ads are called from the Google site. If you do not allow that, the ad will not be displayed on the site. If you need to know anything more, please feel free to contact us.
First off, excellent blog. I’m not sure if it has been addressed, but when using Explorer I can never get the whole page to load without refreshing a lot of times. Could just be my router. Appreciate your work.
Thanks for the great post. I always like to bookmark credit or finance related posts like this one.
After searching for this information, I will have to say most people agree with you on this topic.
Thanks for the great post. I always try to bookmark webmaster or website related posts like this one.
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon.
Hey, this is my first visit to your blog… We are a group of volunteers and starting a new initiative in a community in the same niche. Your blog provided us valuable information to work on. good job
Thank you for another great article. Where else could anyone get that kind of information in such a perfect way of writing? Please visit my 2010 calendars site for return
Hey Sweet Blog! I found it on Google. Keep up the great work!
When I originally commented I clicked the “Notify me when new comments are added” checkbox and now each time a comment is added I get four emails with the same comment. Is there any way you can remove me from that service? Thanks
Dear Jimmy,
I will take care of this problem if it still exists.
Thank You,
Good review from you. I would have found myself lost in here if I hadn’t found your blog. Thanks for your info.
It amazes me to know that you have such a vast knowledge about this subject. Personally I think that this blog would be an eye opener to most of its readers
I admit, I have not been on this blog in a long time… all the same it was another happy to see It is such serious topic and avoided by so many, even professionals. I thank you to assist making people more awake of possible problems.
Found your blog on Yahoo
Excellent article! I enjoy your site very much.
Have you ever considered adding more videos to your blog posts to keep the readers more entertained? I mean, I just read through the entire article of yours and it was quite good, but since I’m more of a visual learner, I found that to be more helpful. Well, let me know how it turns out. This is good… thanks for sharing.
VERY GOOD ARTICLE WELL WRITTEN
this is a really good resource for educators. thanks for sharing.
Hello there dude, awesome post there. I googled your blog, keep it up. I seriously heart to browse your site. Last of all, have a nice day, cheers!
I simply agree
I enjoyed your blog, come check out mine sometime.
Hello, just thought you would be interested to know that I have saved you to my bookmarks because of your great blog layout. With that being said, I think your blog has one of the neatest designs I have seen yet. It really helps make reading your blog easier and the content is great. Good job on it. I shall come back and review any updates you make.
Hello just thought i would tell you something.. This is twice now i’ve landed on your blog in the last 3 days searching for completely unrelated things. Spooky or what?
Hi,
Please tell me how you landed on this site. What were you searching for? I added only technical articles here.
Thank You,
Aneesh Joseph
Author – Hellosystemadmin.com
I really like your post. Always been very informational. I hope you’ll keep up the good work and maintain the standard. Best of luck.
Great site! I have enjoyed reading your posts. Take care
I understand this really is truly dull and you’re simply missing to another remark, but I simply wanted to throw a large thanks — a person cleared up some things for me!
Are there any Conficker removal tools that really work? I am having a problem with Conficker at the moment.