hi,
my page was hacked by iframes which appeared like the following

<iframe src = "http://domain.com/index.php"></iframe>
<html>
<head>
</head>
<body>
</body>
</html>

i wrote a javascript code to remove all iframes but it removed only the iframes inside body tag but not outside the html tags...

is there anyway to prevent html elements outside html tag or is there a way to dynamically remove any element which gets inserted outside html tag?

You really need to fix vulnerabilities issues in your code to prevent hacking of your contents.

You shouldn't have used the actual URL - at least, I'm assuming that's one of the hack sites you've seen in your code. I've reported the post so a mod can edit out the suspect URL.

Their is no way to directly removing the root element in javascript. you need to remove it manually. And keep your server passwords like (ftp passwords securely. Don't save the ftp details while connecting to the server. It may leads to hacked by the hacker).

thanks for the suggestions... anyway...
keeping the ftp.... related answers... yes ofcourse my site is secure... it is just another site...
i found another forum stating that jquery solves it...
the remove method of jquery removes elements present at any position in the hierarchy... but i have not yet tested it.

i found another forum stating that jquery solves it...
the remove method of jquery removes elements present at any position in the hierarchy... but i have not yet tested it.
Hey: JQuery is nothing but a javascript library. Or javascript is a client-side language: it can not write nor delete data physically. You must delete the malicious codes by hand, change your FTP user/password (and maybe the name/user/pass of your DB, if any) and secure your site. When you have pneumonia, taking Aspirin is not enough :)

yes sir boss... ofcourse yes it is... i was trying to debug the replace method and i dont want waste much time... there is something i am missing and i will replace it... besides i tried the forum.... c u all...

Look how the things are stated: JavaScript can, somehow, remove (we may say - virtually) the document's elements, but it does it at the client's level. The main problem is that JavaScript needs those elements to have been already loaded, in order to find out, afterwards, what it has to remove. So that there is enough time for a malicious code to do its job before a javascript method would remove it. This is what we were talking about.