Comments on: Blocks the Annoying goooogleadsence.biz Iframe

By: computer

computer — Wed, 24 Feb 2010 07:20:40 +0000

themenya bagus mas sampe sya sedikit bingung diawal-awal:D
makasih pluginnya juga. ditunggu kreasi selanjutnya..

By: agus

agus — Fri, 28 Aug 2009 12:50:58 +0000

thanks for plugins

By: ini dan itu

ini dan itu — Sun, 09 Aug 2009 00:46:14 +0000

wah telat neh kita tau nya
kita sampe pindah hosting lho , gara gara iframe beginian
btw , comment nya kasih notify me dong biar tetep bisa folllow
thanks for the nice info & tools

By: rumahuang

rumahuang — Sat, 25 Jul 2009 21:20:13 +0000

thank you for the information and waiting for a better version

By: Rajesh

Rajesh — Tue, 09 Jun 2009 10:46:21 +0000

It do not return if you have taken care to use FTP only from clean system. Before you use FTP, change your webhost and FTP passwords. To ensure that I use FTP again from clean system, I use live CD of linux and download FTP program and then do any upload download.

This virus attack happens only if you have used FTP from infected system. The webhost system admin sent me log of FTP activity from others uploading files to my host account.

After I take this care, no infection is taking place.

By: Ka!Tok

Ka!Tok — Mon, 04 May 2009 09:06:57 +0000

mas yang di wp theme direktori apakah sudah diupdate? ato aku masih perlu plugins yang sampeyan buat untuk mengatasi masalah?

By: targetseo

targetseo — Sat, 25 Apr 2009 05:49:33 +0000

i have tried to remove but again that script was automatically generated, what should we do?

By: Akash Callikan

Akash Callikan — Wed, 22 Apr 2009 11:04:35 +0000

I’ve had the same problem on my test server these last few weeks. Thankfully I have nightly backups. Anyway, after some research I thought it might be related to PHP’s register_globals setting. Turns out I was right. The damn setting was on.

Now that I’ve cleared it, attacks have stopped. So you all might wanna check if your host has left it on in php.ini. If you can’t edit your php.ini file, just add “php_flag register_globals off” at the top of your root .htaccess file.

Cheers

Akash

By: Daniel

Daniel — Mon, 06 Apr 2009 19:55:43 +0000

The method they spread the exploit isn’t entirely your fault. The reality is that the server gets rooted, which establishes the exploit. Once someone has access to a server via root, they can scour the remainder of the hosting server and infect any site residing on that server. This is a massive hole with many hosting providers, Dreamhost seeming to be the only one that’s been open about the problem and offering suggestions and solutions.

Once the exploit is placed, this has potential to propagate to client-side machines through any insecure browser (IE, Opera, and now Firefox from what we’ve been seeing).

Chrome appears to be the only browser capable of mitigating the issue for client-side machines at this time, as it shuts the session down immediately upon detecting the malicious code.

The best article regarding this issue is here:
http://www.softpanorama.org/Malware/Malicious_web/malicious_iframe_attack.shtml

A good solution to consider, if you have access to your server (though the server itself needs to have the rootkits removed) is here:
http://www.gotroot.com/tiki-read_article.php?articleId=278

If you’re on Windows hosting, or with a provider that’s not willing to admit to their servers becoming compromised (regardless of how it happened) — good luck trying to get any host to 1) own up and 2) take action.

So for now, regard filter as only a band-aid precaution to prevent other machines from becoming infected.

By: mbelGedez™

mbelGedez™ — Mon, 06 Apr 2009 06:29:54 +0000

Woooogh,…
Nice post, Jib…

But I’m still waiting for “Smile Like Facebook” theme….