LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 12-19-2012, 04:42 AM   #1
LukasH
Member
 
Registered: Jul 2012
Posts: 31

Rep: Reputation: Disabled
iframe injection


Hello,

this is the follow-up question to this thread. My webserver became a shameful victim of an iframe injection. Now - what to do? Does anyone know?
 
Old 12-19-2012, 07:05 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,999
Blog Entries: 54

Rep: Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745
First find out and list the files the i-frame problem is located in. Then you can clean up the i-frames (depending on what's used a 'sed' one-liner may do) but note these redirections are the symptom, not the cause, so "cleaning up" without addressing the core problem may see them return soon after.

The real problem is PHPKIT (or plugins or bad configuration or it being hosted on a shared host and then some). When you look at the page source you'll see "PHPKIT WCMS - Web Content Managment System - mxbyte GbR copyright 2002-2009". Unless that's an oversight on the developers part that means it's running an old version. PHPKIT seems to have (had?) somewhat of a history of vulnerabilities (CVE oddly enough doesn't show any entries after 2008 while I definitely can find them) so the first thing would be to decide if the owner still wants to run PHPKIT. If so then upgrading to 1.6.6 (also see this) is a given. Else you simply have to find another capable CMS (real soon now).
 
1 members found this post helpful.
Old 12-19-2012, 07:23 AM   #3
LukasH
Member
 
Registered: Jul 2012
Posts: 31

Original Poster
Rep: Reputation: Disabled
I am not known to the world of CMS's, can you recommend a good and safe one? Also, I am not confident with the support results I became from the provider, which is www.artatis.de - can you recommend a good filehoster too?

I think your post just explained all my problems better than I was able to find out before. Thank you so much!
 
Old 12-19-2012, 08:57 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,999
Blog Entries: 54

Rep: Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745
Quote:
Originally Posted by LukasH View Post
I am not known to the world of CMS's, can you recommend a good and safe one?
Me neither. My first question would be: does the site really need a CMS? Put differently: if there's only a small part of the site that actually needs to be updated dynamically then focus on getting a solution for that. Anything that can be rendered statically once may become less of a target for this type of i-frame tricks. If you're going to want another CMS you'll have to do some research but I'd say basically any CMS that has shown they fix vulnerabilities fast, has a large user base and has a current, maintained version, in short: "the major brands". From that shortlist pare down those with features you don't want or need and those that have requirements you can't fulfill.


Quote:
Originally Posted by LukasH View Post
Also, I am not confident with the support results I became from the provider, which is www.artatis.de
While I haven't researched it too exhaustively I see Artatis resides inside the Hetzner network and anyone who watches attack and traffic reports knows Hetzner doesn't spell much good: see for example this or this report (they'll load slowly due to the amount of entries). Note this in no way implies "big names" like 1&1, Godaddy or Rackspace are free from sins.


Quote:
Originally Posted by LukasH View Post
can you recommend a good filehoster too?
I can't. Ultimately it's a cash question. Well-known consumer organizations, local (as in language) fora or your local LUG (Linux User Group) should provide you with a good starting point asking for experiences.


Quote:
Originally Posted by LukasH View Post
I think your post just explained all my problems better than I was able to find out before. Thank you so much!
You're welcome.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem with iframe shifter Programming 2 03-19-2010 07:59 AM
Iframe issues asassin85 Linux - Newbie 4 08-20-2009 05:24 AM
A virus changed all my index files with iframe, how to remove that iframe line? Farman Linux - Security 10 07-16-2009 08:40 AM
force iframe content to remain in iframe? frieza Programming 1 09-17-2008 06:29 AM
iframe woes ScottReed Programming 0 07-26-2007 11:04 AM


All times are GMT -5. The time now is 03:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration