Webmaster Forum

Go Back   Webmaster Forum > Web Development > Coding Forum

Coding Forum Problems with your code? Discuss coding issues, including JavaScript, PHP & MySQL, HTML & CSS, Flash & ActionScript, and more.


Reply
 
Thread Tools Display Modes
Share |
  #1  
Old 06-03-2011, 04:18 AM
double-happiness double-happiness is offline
Junior Member
 
Join Date: 06-03-11
Posts: 1
iTrader: 0 / 0%
Unhappy dsnextgen.com iframe hack - any help please?

I've just moved my hosting to a new (paid) provider after my previous (free) provider cancelled my account without warning or explanation (the account may have been compromised, I don't know).

Anyway, after uploading a few image files to start rebuilding my site, I decided to have a look at my domain to see what was displaying there. The home.html page that is already installed by my host (ipage) was clearly infected, and contains the following malicious code:
PHP Code:
[table width="100%"]

[
tr]
[
td align="center"]

[
iframe src="http://dsnextgen.com/?a_id=101686&domainname=referer_detect" frameborder="0" height="800" scrolling="auto" width="800"][/iframe]

[/
td]
[/
tr]
[/
table]

[/
body
So this iframe displays every time a page is not found. Actually, the site would try to open a pop-up window from the home page before I uploaded my index.html file, but I'm not getting this behaviour now. I've tried to discuss this with my web host but so far they keep saying my site is fine.

I've tried downloading the home.html file, removing the iframe code and overwriting the file, but the iframe just reappears.

Can anyone help please?

Last edited by snakeair; 06-03-2011 at 07:57 AM.
 
Reply With Quote

Advertisement

Advertisement

  #2  
Old 06-03-2011, 08:46 AM
robjones's Avatar
robjones robjones is offline
v7n Mentor
 
Join Date: 09-15-09
Location: Texas
Posts: 9,680
iTrader: 0 / 0%
Mod-bumping this for visibility. Looks like a problem that needs solving.
 
Reply With Quote
  #3  
Old 06-03-2011, 11:09 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,476
iTrader: 5 / 100%
What is your url? If you don't want to publish it here (probably not a good idea until you fix this) then PM me.
 
Reply With Quote
  #4  
Old 07-09-2011, 08:26 PM
whatsanike whatsanike is offline
Junior Member
 
Join Date: 07-09-11
Posts: 1
iTrader: 0 / 0%
Quote:
Originally Posted by double-happiness View Post
I've just moved my hosting to a new (paid) provider after my previous (free) provider cancelled my account without warning or explanation (the account may have been compromised, I don't know).

Anyway, after uploading a few image files to start rebuilding my site, I decided to have a look at my domain to see what was displaying there. The home.html page that is already installed by my host (ipage) was clearly infected, and contains the following malicious code:
PHP Code:
[table width="100%"]

[
tr]
[
td align="center"]

[
iframe src="http://dsnextgen.com/?a_id=101686&domainname=referer_detect" frameborder="0" height="800" scrolling="auto" width="800"][/iframe]

[/
td]
[/
tr]
[/
table]

[/
body
So this iframe displays every time a page is not found. Actually, the site would try to open a pop-up window from the home page before I uploaded my index.html file, but I'm not getting this behaviour now. I've tried to discuss this with my web host but so far they keep saying my site is fine.

I've tried downloading the home.html file, removing the iframe code and overwriting the file, but the iframe just reappears.

Can anyone help please?
I think I figured it out. On my site ikeslist.com it was happening any time I disabled by renaming the .htaccess file which then stopped drupal from serving the Drupal error pages and instead caused bluehost to run a program to serve ads. So then the bluehost utility took over. your webhost might have a different way of doing this. Bluehost offers "unlimited" domains on one account, and they make money off this freebie by serving ads. Unfortunately, the redirect seems to be to dnsnextgen.com which is detected as adware by AV programs, and so, my AV put up a nasty-looking popup window warning which would have to be overridden to see the ads, something I haven't tried to do. The way bluehost does this is by putting this code in the 404 page:
Code:
<!-- SHTML Wrapper - 404 Not Found --> <!--#exec cgi="/cgi-sys/fourohfour.cgi" --> This brings up a program from the server root: less /root/bin/fourohfour.cgi #!/usr/bin/perl =pod =head1 NAME fourohfour.cgi - Show 404 page $Id: fourohfour.cgi,v 1.2 2010/09/29 17:15:46 rob Exp $ =cut use strict; use warnings; use CGI; __PACKAGE__->runner; sub runner { my $q = new CGI; # Google doesn't like "Soft 404" responses that look like a 200 status. print $q->header(-status => "404 Not Found");
Maybe your webhost has a different way of doing it, with not so much finesse.
These free or economy hosts that let you have extra domains are making money off you. The main problem is the warning popup that can give your site a bad name with the public. I don't know if dnsnextgen.com is really a malware infested hole or just adware.

Last edited by HTMLBasicTutor; 07-09-2011 at 09:31 PM.
 
Reply With Quote
  #5  
Old 07-26-2011, 11:47 AM
coloweb coloweb is offline
Junior Member
 
Join Date: 07-26-11
Posts: 1
iTrader: 0 / 0%
I am running into the same thing with a client who is switching to Bluehost. How do you fix this?
 
Reply With Quote
Go Back   Webmaster Forum > Web Development > Coding Forum

Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Paypal Hack superboysahil Tech Talk 17 02-14-2008 10:11 AM
Hack yesterday. amxcorey V7N Forum Support 15 01-11-2008 12:54 PM
CSS hack for IE? Foxtrck Coding Forum 4 12-05-2006 03:52 PM


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 08:04 PM.
Powered by vBulletin
Copyright 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC