Subscribe: RSS
  • Hi guys,

    So im infected by the iframe hack, has anyone had something like this?
    Worst thing about this hack is it looks like its dynamically moving around, sometimes its there, and then suddenly its not.

    See this screenshot example, i used Vurl online scanner - tried a few other ones they show nothing though...



    I have checked all pcs on network, no sign of trojan, so have no clue when or how the website got infected so far. I will check the ftp log files later today for the last month or so.

    Only thing i found in regular template was some dodgy javascript link but that was about it, this was before the online scan btw.

    Has anyone experienced this before, and how to deal with this?
    • Would need to know more about your full server details (see my signature), your MODx install version and other applications running on your server.
        Ryan Thrash, MODX Co-Founder
        Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
      • Same for me: "iframe infection" embarrassed

        modx Evo 1.04
        Apache 2.2.12
        MySql 5.1.37
        Php 5.2.13

        SMF Forum installed on the same domain (on another DB)
          Free MODx Graphic resources and Templates www.tattoocms.it
          -----------------------------------------------------

          MODx IT  www.modx.it
          -----------------------------------------------------

          bubuna.com - Web & Multimedia Design
        • Which version of SMF banzai?
            Ryan Thrash, MODX Co-Founder
            Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
          • Modx version: 0.9.6.3
            Apache/1.3.41 (Unix)
            PHP/5.2.13
            FrontPage/5.0.2.2635
            MySQL client version: 4.1.22
            Mysql Server version: 4.1.22

            Ive checked ftp logs and modx logs cant find anything.

            I fear it might of been some sort of sql injection? I did find a trojan on a pc that had access to the site, kaspersky didnt detect this - ad-aware did the job smiley

            Trojan that i found ( since this could be related and some ppl might fell over this thread smiley ) Win32.Trojan.AntiAV/AC Engine

            Still stuck though im slowly doing text backup on the site as im thinking only solution left is a complete reinstall with newest modx
            • SMF 1.1.1

              But infection (iframe) is in MODX pages / templates.
                Free MODx Graphic resources and Templates www.tattoocms.it
                -----------------------------------------------------

                MODx IT  www.modx.it
                -----------------------------------------------------

                bubuna.com - Web & Multimedia Design
              • Banzai do you have the same issue as me, meaning: you can see the iframe injection only at certain times with online scanners, yet its not there when you actually check source code/ templates.

                Another thing to note: i have scanned all my ftp files with avira / ad aware no detection what so ever sad
                • Yes! No iframe code, in the source code or in modx templates/chunks huh

                  pocketp , what kind of onlinescan do you use?
                    Free MODx Graphic resources and Templates www.tattoocms.it
                    -----------------------------------------------------

                    MODx IT  www.modx.it
                    -----------------------------------------------------

                    bubuna.com - Web & Multimedia Design
                  • But can you see the iframe code on your page when your browsing - is the position the same? or does it dissapear after page refresh? how did you detect the injection in first place?
                    • My Avira antivirus advised me about the virus and a couple of hours later i received a mail from Google Webmaster tool.

                      The only iframe i can see on the site, is Google Adsense smiley
                        Free MODx Graphic resources and Templates www.tattoocms.it
                        -----------------------------------------------------

                        MODx IT  www.modx.it
                        -----------------------------------------------------

                        bubuna.com - Web & Multimedia Design