One of our clients has recently been hit by what is called an iframe hack.
This one is recognisable as your website pages will have a small frame in the middle of the content area which displays google.com but it most likely a phishing website that is loaded with malware.
There are a number of possible routes for your site to be hacked. Most of which are covered in this forum thread: http://forums.digitalpoint.com/showthread.php?t=901622
The most obvious reason are as follows:-
- Poor quality admin password.
If you have access to your websites admin section you must ensure your password is strong. - Software vulnerabilities
Just like your computer needs to be kept up-to-date as does your software. These patches can sometimes be applied easily over-the-top of your existing install. Major patches require a complete rework of the site. - Infected computers
If your computer has been infected in any way by a Trojan, keylogger or malware then this could be the culprit.
The infected account is then used to distribute any account passwords including FTP which leads to the infection of perfectly secure sites that are then infected with the iframe hack.
We contacted Heart Internet, who provided the followng advice:
My site is infected with Malware – what do I do?
There is a windows PC virus that is able to capture FTP passwords from you whilst you are using them. It then connects to the FTP server and changes the index.* files on your website.
You should do the following:
1. Using a good antivirus software, scan and clean the PC that you use to connect to FTP.
2. Change your FTP passwords and your control panel passwords.
3. Edit and remove the code from your index files. Look for lines that begin “<iframe src=” and then they link to other sites.
4. Ensure that any scripts you are using (WordPress, Joomla etc.) are all up to date.
