Tuesday, November 10, 2009

Quick Reference Links To Fight Iframe Injections

I have had many requests from people reading my articles on combatting iframe injection attacks to create a quick start page with the various links one can use to detect and recover from iframe injection attacks.

These links are just a quick summary, and you should read the full articles to get the maximum benefit.

CHECKING TO SEE IF YOUR WEBSITE IS SAFE

a) http://www.google.com/safebrowsing/diagnostic?site=http://yourdomain_name

Copy and paste the above link into your browser and then replace "yourdomain_name" with your actual website name, e.g., websiteprotection.net

b) http://www.unmaskparasites.com/

IFRAME SCANNERS

a) http://www.diovo.com

Using a text editor such as Notepad, change the following line in the script:

$webpath ="Type your domain name here. Eg:http://www.diovo.com/"
which becomes:
$webpath ="http://www.yourdomain_name/"
Where "yourdomain_name" is replaced with your actual domain name.
Test URL is:
http://www.yourdomain_name/clean.php?s=index.php&c=iframe
where:
s=webpage.ext

b) http://www.websanity.co.uk

Using a text editor such as Notepad, change the following lines in the script as required:
define('IGNORE_EXTENSIONS',"jpg pdf zip psd doc gif swf xls"); // Ignore files of these types
define("IGNORE_BEFORE", strtotime('2009-08-01') );

c) Auto Scanner Scheduler: http://www.splinterware.com

FILE PERMISSIONS

Use CHMOD 444 (read-only for owner, group and others) to prevent writing to your web pages.

IFRAME DE-OBFUSCATORS

a) http://www.novirusthanks.org

b) http://www.patzcatz.com

c) http://www.strictly-software.com

IFRAME UNPACKERS

a) http://matthewfl.com

b) http://blog.shimazu.org

c) http://www.strictly-software.com

IFRAME PACKER

For those who want to see how packing is done with a JavaScript packer:
Make sure to check the "Base62 encode" box or else it will not work.

http://dean.edwards.name/packer


You should use this quick guide after you have read all related iframe injection articles.

Don't forget that not all iframes are bad. Be sure before you delete.
