Full Version: How to Permantly remove Iframes
Get Paid Forum - Get Paid Discussion > Get Paid To Programs > Sites Allegedly with problems of hacking/virus/0-iframes, autosearches etc ... > Sites with autoinsertingscripts
can any one please help me by telling me how to get these iframes removed from my server I have several accounts that have them. I remove them almost daily it seems sometimes and again they are there. I'm really ready to lose it and just stop all PTR sites on my server. but I dont wanna do that can anyone help?
If you're referring to the hacker iframes I don't think stopping PTR sites is the solution because they turn up on all sorts of sites.
I don't know anything about servers, but you should ensure that everything is updated, cpanel and all to make sure there's no vulnerabilities there. Everyone with cpanel or server access should scan their PCs for keyloggers with multiple AVs and ensure the passwords are all changed.
Some of the iframes come with a file that is left on the server that I believe gives the hacker remote access after they got in once, but apparently not all of them do this.
There's a thread here about using a server malware scan http://help.lockergnome.com/security/Javas...opict10748.html I don't know if that helps.
One program owner said that their host had them stay off their site for a few days so they could see easier where the iframe was coming from and their sites don't seem to be getting hit any more.
Another problem might be that if someone with a website hits another infected site, they seem to sometimes then end up with the iframes on their site. Adding known malware domains to host blocks on their PCs and on the servers might help this, but it's hard to get a full list of affected domains. Most hosts file lists don't have all these domains in them but they are a good start.
This page has a very good list of the ones that have been hitting the PTR and similar sites
http://www.johnsonwebdesign.net/list_Adblock.txt
The top two blocks in particular list many of the hacker domains that need blocking, and this list will be updated frequently when new ones are discovered - they add new malware domains all the time
I don't know anything about servers, but you should ensure that everything is updated, cpanel and all to make sure there's no vulnerabilities there. Everyone with cpanel or server access should scan their PCs for keyloggers with multiple AVs and ensure the passwords are all changed.
Some of the iframes come with a file that is left on the server that I believe gives the hacker remote access after they got in once, but apparently not all of them do this.
There's a thread here about using a server malware scan http://help.lockergnome.com/security/Javas...opict10748.html I don't know if that helps.
One program owner said that their host had them stay off their site for a few days so they could see easier where the iframe was coming from and their sites don't seem to be getting hit any more.
Another problem might be that if someone with a website hits another infected site, they seem to sometimes then end up with the iframes on their site. Adding known malware domains to host blocks on their PCs and on the servers might help this, but it's hard to get a full list of affected domains. Most hosts file lists don't have all these domains in them but they are a good start.
This page has a very good list of the ones that have been hitting the PTR and similar sites
http://www.johnsonwebdesign.net/list_Adblock.txt
The top two blocks in particular list many of the hacker domains that need blocking, and this list will be updated frequently when new ones are discovered - they add new malware domains all the time
Another thing is to find a reliable host. Some host owner or the reseller themselve are doing this dirty job. 
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.