Iframe Injection Hack

Have you ever  typed an innocent search result only to click on a result in Google to be alerted ‘Warning this site may harm your computer.’? Obviously not wishing to harm my computer I avoided the site and went on with my search.

These type of attacks can cause great harm to your website’s reputation as people are unlikely to ignore the stern warning. Often site owners are bemused as to why this is happening.  What is causing their sites to behave in this way and as the webmaster what can you do to remove the warnings from the search results?

In the majority of cases the warning results because hackers have injected code into your own html. This is usually in the form of an iframe, or a web-page within a web-page. To avoid detection, the iframe is made to have a size of 1 px, and is then set to be invisible using CSS.

It is believed that the code can be added to the site because there is a  virus or worm on your computer which steals your username and password for your website. It will then add the code similar to this to your index.php, index.htm, files.

<iframe src='http://url/' width='1' height='1' style='visibility: hidden;'></iframe>

If a hacker can access your site and insert code in this way it makes the damage that can be done open-ended from Black-hat SEO, to stealing information or installing Malware.

You won’t be able to see this website but it is now linked with yours.  The code can be removed and uploaded but this may only be temporary solution.

What else can you do to ensure that it doesn’t happen again?

• The first thing to do is to remove the virus using a virus checker. When it is removed update your computer with the latest security updates.

• These hacks often occur on blogs and other content management systems so you should always keep  it updated if possible or secure your blog using methods discussed previously.

• Ensure your files have the correct permissions, 644 permissions where it would not disrupt the software operation.
• When you computer is free of viruses, worms and malware,  change all site-related passwords (FTP, Control Panel, etc.)
• If necessary, contact your host to investigate the issue.
• If you haven’t already got one, get a Google Webmaster Tools account. This will alert you to the number and type of links on your website. Request a review via Google’s Webmaster Tools when you believe your site is clean.