Security alert – iframe infection
In recent days, we have noted a number of customers reporting third party codes uploaded to their sites. In most cases, a single line or a short paragraph were added to their index page, either linking to a third party site or directly trying to install a trojan on the page visitor’s computer when no antivirus was present. In affected clients websites we have not seen changes to the databases or other files. It appears to be done by an automated software that has obtained FTP access to those accounts.
We have audited our servers and did not find any malware, however we are not taking any risks and would like to remind to all shared hosting customers standard procedures to keep their accounts secured:
1) Please make sure to update your cPanel password regularly and make sure this password is kept securely, and is not the same as your email or other online accounts.
2) Make sure to update your PHP scripts to the latest versions (especially open source scripts such as wordpress, joomla etc.)
3) Make sure that all computers accessing your account through FTP or cPanel are spyware and malware-free, and have up-to-date antivirus and anti-malware software. Computers from which your account is accessed should not be used to visit sites potentially dangerous such as torrent sites, adult sites etc., or run related softwares.
If you have forgotten your password, please submit a ticket at support@sinohosting.net from your registered email account to have your password reset
On our end we are implementing a new security rule to force cPanel password changes every six months, however clients can are recommended to update their passwords even more often. We apologize for the additional trouble however this should go a long way in ensuring passwords of the accounts are not gained by unauthorized third-parties.
Should you notice any unusual activity at your account or changes to your home page please make sure to contact our support team at support@sinohosting.net for assistance.
The Management
www.sinohosting.net
March 1st, 2012 at 11:15 pm
yes, had it on my website. easy to remove from the index file but worrying. thanks for the post, maybe you should give some info about how to remove the iframe code