IFRAME insert origin?

Discussion in 'Windows Desktop Systems' started by melon, Dec 19, 2005.

  1. melon

    melon MS-DOS 2.0 Political User

    Messages:
    854
    Location:
    Ásgarðr
    Not sure which forum this belongs in, but I'm a bit peeved. Someone made me aware that they were getting errors on my website, and, looking at the code, I found this was inserted at the top of my index.html page:

    Code:
    iframe src= http://%77%77%77%...(etc.)?id=index12 frameborder="0" width="1" height="1" scrolling="no" name=counter></iframe>
    Note that I cut off the series of "%xx" numbers, because I think you get the idea. Checking the "last modified" date, it was inserted on December 17th. I've done lots of searching, and I can't find any information at all on anything similar to this. Does anyone know of a vulnerability floating around that would cause something like this?

    Melon
     
  2. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    Messages:
    5,518
    Location:
    England
    if you're using somekind of free hosting, they may have inserted the code for ads
     
  3. melon

    melon MS-DOS 2.0 Political User

    Messages:
    854
    Location:
    Ásgarðr
    It's a paid host, so it wouldn't be anything like that. I've already removed the code with no problems.

    Thought: it's a shared hosting solution. If another user on the server was using vulnerable code (like an out-of-date forum software), I presume it could hit everyone on the same server? It's just baffling me, because I even checked my access logs to correspond to the "last modified" date on my index.html file, and there's absolutely nothing out of the ordinary.

    Ideas?

    Melon