Hey guys,

I’ve been searching around and I haven’t been able to come across this problem as of yet. Now on my own personal website / forums, a page that I usually visit at least 5-10 times a day, I’m suddenly getting a virus warning which won’t allow me to visut my site.

Not entirely sure how or more importantly why I’m suddenly getting the error but I was wondering if anyone can help.

The error / virus is

“” HTML:|frame-inf “”

Here’s a screen shot of what pop’s up on my computer when I attempt to log onto my page. Also, I’ve tried attempting to report it as a false positive but I’m not sure if that’s going to get me anywhere. I’ve also contacted my friend who helps me admin the site and he did not and does not have any issue with our forums.

http://img115.imageshack.us/img115/9085/123t.png

Any help here would be greatly appreciated !!!

This is an indication of an iframe infection on your site. It is possible that someone or something has added this infection to your site.

But, there is little help we can give without the URL to test the site and you have “blocked” the URL from being seen by us.

Any information would be even more helpful, like the URL so it can be investigated.

I would say it is almost a cast iron certainty that your site has been hacked, the insertion of an iframe tag/s. Of all the sites I have investigated with this malware name, none have proved to be false positives. You only need to do a forum search for the malware name to see this.

Check your site code normally after the closing html tag for any hidden iframe tag insertion. Though it is possible that it could be inserted anywhere on the page code, by hidden I mean one of the iframe attributes is Hidden, not that you can’t see it in your code.

Sorry guys, I wasn’t sure if you needed that info or not. My apologies.

my website is http://forums.team-sa.net - And I updated the Screen shot above for you.

I’m not the most IT savvy guy as well, so an explanation in laymen terms would probably be most beneficial. And as I said, my friend who helps me admin the site has told me I’m a “noob” and that my AV is probably just taking a “crap.” I’m fairly sure he’s using Norton’s Corporate AV as well.

IF it helps, I’m using the free version of Avast since I’m a student and currently cannot afford to upgrade to pro.

Thanks for any help guys, I appreciate it.

Yes the site has been hacked.

The only difference is this hidden iframe has been inserted before the page code also a big standards no, no and highly suspicious. Not to mention the iframe is pointing at a Chinese domain spy-cams.cn, see image.

God dammit !!!

So what would be the best course of action or what / how should I tell my code guy how to fix this problem ?

Is there any way we can prevent this from happening again ? any kind of precautions that we can take or no ?

THANKS AGAIN for all your help guys!

You could start by showing him this Topic and the above image.

He will have to search the html code for pages that have this iframe inserted and remove it, he may have a tool that can automate the removal of the iframe, but it isn’t guaranteed that the iframe would all be identical or if you use iframes legitimately in the site.

You/he should change the password used to modify the site and tighten up security on file permissions.

Yea I’ve forwarded him this link so far, he said he thinks he deleted it.

Thanks again guys !

Much respect for the avast support team!

You’re welcome.

Don’t forget to strengthen passwords and security as removing the injected iframes is only part of the resolution or it theoretically happen again.

Yea for sure.

I’m on him right now about that !

It was probably some IT guy who got pissy b/c one of my server admins banned him. :

Well another thing to look at is the forums software as some may have vulnerabilities which can be exploited so it is important that the forum software is kept up to date.

Figures as my IT guy is busy as crap with school our forums are being spammed like crazy.

Whats considered the best safe guard against people creating accounts and instantly spamming every section of the forum.

Sorry if I’m not allowed to bump this thread for something new.

Regards,
Rob

Something like re-captcha might help. http://recaptcha.net/

That would only be for spam-bots though. For real people, you can disable posting links until they reach a certain post limit, or something similar.

Oh, since you’re using PHPBB, this will help you install.
http://recaptcha.net/plugins/phpbb/

awesome thanks again!!

you guys here have been a huge help!

not sure what I would have done if I didn’t stumble across these forums

You’re welcome!

You’re welcome, one of the most crucial things is to have the latest version of the php forum software as most commonly the hacking comes from vulnerabilities on old versions.

Even with captcha you will still get some drive by spammers, we still do, but this makes it harder to automatically create accounts to post spam. In the avast forums we have a large group of regular and they are very active in reporting spam using the Report to moderator link in posts.

So what little we get is promptly squashed (touching wood whilst having fingers crossed), but that does also rely on prompt action by the moderators.