I have found that lots of websites Hacked by an Ifram code in the bottom of every page..
In fact, i found the solution "no did, FOUND"
1. The first thing to do to prevent these kinds of attacks is to change your ftp, control panel and database passwords as soon as possible.
2. Change the file permissions in your server to the maximum secure mode.
3. Download all your files from the server and check for infections. Clean the infected files.
4. Using a good antivirus software, scan and clean every PC you use for logging into your hosting server.
5. Never use public computers to access your server.
How do I clean infected files?
Use these regular expressions to search for all pages containig the malicious code and replace it with space:
<iframe src=\”http://[^"]*” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>
echo \”<iframe src=\\\”http://[^"]*\” width=1 height=1 style=\\\”visibility:hidden;position:absolute\\\”></iframe>\”;
You may have to write a script to automate this for all the files in the server.
I have cooked up a php script that can help you find out the infected files.
Download the file http://www.diovo.com/wp-content/uploads/2009/04/clean.php.txt, save it as clean.php (it is currently clean.php.txt) and upload it to the root folder of your website.
You may want to change some hardcoded values inside the file.
Then login to the url: http://www.yourdomain.com/clean.php?s=i ... p&c=iframe
The s parameter specifies the file name to search for and the c parameter specifies the text to search for inside the file. The results will be something like:
Clean hidden iframes
It will list all the ”index.php” files in your website and if any of the files contains the given string, it will print the part with the string. In the above screenshot, you can see that one file is infected.
Note that the script will not remove the iframes from your files. Automated cleaning could break some of your websites. So as of now you will have to clean the files manually.
Faiz has written an advanced ASP.Net script for this, and it can be found here.
Will my search engine rankings be affected by this attack?
Try to be fast with these steps because if a visitor see the message “This site may harm your computer” pop up when (s)he try to access your website/blog, (s)he may not return again. Remember that if the security of your website is compromised, it can affect the search engine rankings of the website. Besides, it may pave way for more sophisticated attacks.
Google will mark your site in it’s search results with a warning: “This site may harm your computer”.
Use the following link to see what google thinks about your website (give the url of your site instead of shopfloorbd.co.uk):
http://www.google.com/safebrowsing/diag ... orbd.co.uk
As mentioned above, you must remove the malware from your local machine using some antivirus software. AVG sees it as “Trojan Horse Downloader” and NOD32 sees it as “JS/Kryptik.B trojan”.
Note that when visiting an infected site, some antivirus softwares prompt you that “Trojan Horse Downloader”, an exe-file is trying to get loaded. Once the exe infects your machine, it will infect your server too.
Here are some more code samples caught from the wild:
Moderator note: Don't put links from malicious sites here, that only helps them!