How secure is your Recruitment website? Part 3 - Hidden iframe injection


Posted By: Thomas Shaw, 6:06pm Thursday 18 June 2009

A new malware attack has been making the rounds recently. It has infected a number of recruitment websites, job boards and hosting servers. If you suddenly find that your website is triggering your anti-virus software and being flagged as a “dangerous site”, the culprit may be the hidden iframe injection hack.

These types of attacks can cause great harm to your website’s reputation, as people are unlikely to ignore the stern warning. Often site owners are bemused as to why this is happening. What is causing their sites to behave in this way and, as the webmaster, what can you do to remove the warnings from the search results?

In the majority of cases the warning appears because hackers have injected code into your website's pages. This is usually in the form of an iframe, which is a web page within a web page. To avoid detection, the iframe is given a size of 1px and is then made invisible using CSS.

Most malicious domains used in this attack are blacklisted by Google, and if your site is infected it may also be blacklisted. In that case the Safe Browsing diagnostic page will say something like:

"Malicious software is hosted on 1 domain(s), including..."

If your site becomes infected, contact both your webmaster and your hosting company immediately.




If your website is ever flagged as malicious, here are some steps to fix it and resubmit it for validation.
  1. Start with your own computer. Scan it with anti-virus and anti-spyware tools.
  2. Once you are sure your computer is clean, change all site passwords - computer, server, website, network.
  3. Keep the new passwords secure. Don’t use auto-upload features of your web site editors. Enter passwords every time you upload new content instead. Use SFTP instead of FTP if possible.
  4. Remove the malicious code (the iframe code) from the infected files on the server. The easiest way to do this is to upload a clean backed-up version.
  5. Check the server, directory and file permissions. Make sure your settings are correct!
  6. Scan your server directories for any new/suspicious files (don’t forget to check hidden files). Remove anything that should not be there.
  7. If your site was flagged by Google, request a malware review via Webmaster Tools. (read this blog post)
  8. Regularly check your site with diagnostics tools to be sure your site is clean.
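
An added example, not part of the original post: a small Python scanner for steps 4 and 6 that flags iframes matching the pattern described above (a 0 or 1px size, or hidden with inline CSS). The sample page, its URLs and the list of file extensions are constructed assumptions, and an iframe hidden through an external stylesheet or written by a script will not be caught.

```python
import re
import sys
from html.parser import HTMLParser
from pathlib import Path

# Inline CSS that hides an element or shrinks it to 0 or 1 pixel.
HIDING_CSS = re.compile(
    r"(?i)display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?(?![\w.%])")
TINY = {"0", "1", "0px", "1px"}
# Constructed sample: one ordinary embed and one injected-style hidden iframe.
SAMPLE = """<html><body>
<h1>Latest jobs</h1>
<iframe src="https://maps.example.com/office" width="600" height="400"></iframe>
<iframe src="http://malicious.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

class IframeFinder(HTMLParser):
    """Collects (line, src, reason) for every iframe that looks hidden."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "").strip() for name, value in attrs}
        reasons = []
        if a.get("width", "").lower() in TINY or a.get("height", "").lower() in TINY:
            reasons.append("0/1px size attribute")
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("hidden by inline CSS")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), ", ".join(reasons)))

def scan_text(text):
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root, suffixes=(".html", ".htm", ".php")):
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            for line, src, why in scan_text(path.read_text(errors="replace")):
                print(f"{path}:{line}: iframe src={src!r} ({why})")

if __name__ == "__main__":
    scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
```

Run it against a downloaded copy of the web root and compare every reported `src` with the embeds you placed yourself; anything you do not recognise is a candidate for removal in step 4.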

Did you know that Twitter checks all URLs before allowing you to post?