Quick Reference Links To Fight Iframe Injections

Published: 20th November 2009
I have had many requests from people reading my articles on combatting iframe injection attacks, which you can find at http://websiteprotection.blogspot.com, to create a quick start guide with the various links one can use to detect and recover from iframe injection attacks.

These links are just a quick summary; read the full articles to get the maximum benefit.

CHECKING TO SEE IF YOUR WEBSITE IS SAFE

a) http://www.google.com/safebrowsing/diagnostic?site=http://yourdomain_name

Copy and paste the above link into your browser and then replace "yourdomain_name" with your actual website name, e.g., websiteprotection.net

b) http://www.unmaskparasites.com

Enter your URL to test for malicious iframes

IFRAME SCANNERS

a) http://www.diovo.com

Download the script and, using Notepad or another text editor, change the following line in the script:
$webpath ="Type your domain name here. Eg:http://www.diovo.com/"
so that it becomes:
$webpath ="http://www.yourdomain_name/"

Where "yourdomain_name" is replaced with your actual domain name.
Upload to your root directory.

Test URL is:
http://www.yourdomain_name/clean.php?s=index.php&c=iframe
where:
s=webpage.ext

b) http://www.websanity.co.uk

Download the script and, using Notepad or another text editor, change the following lines in the script as required:
define('IGNORE_EXTENSIONS',"jpg pdf zip psd doc gif swf xls"); // Ignore files of these types
define("IGNORE_BEFORE", strtotime('2009-08-01') );

c) Auto Scanner Scheduler: http://www.splinterware.com

FILE PERMISSIONS

CHMOD your web pages to 444 (read-only for owner, group and others) to prevent them from being written to.
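
An added example, not the diovo or websanity script: a small Python scanner that applies the two ignore settings quoted above (skipped extensions, modification cutoff date), lists iframe tags and Dean Edwards-style packed script, and notes files that are still writable rather than 444. The function names, the regular expressions and the sample files are assumptions made for this illustration.

```python
import os, re, tempfile
from datetime import datetime
from pathlib import Path

# The two settings quoted above, restated in Python for this example.
IGNORE_EXTENSIONS = set("jpg pdf zip psd doc gif swf xls".split())
IGNORE_BEFORE = datetime(2009, 8, 1).timestamp()
# Assumed heuristics (not taken from any of the linked scanners).
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.I)
HIDDEN_RE = re.compile(rb"""(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden""", re.I)
PACKED_RE = re.compile(rb"eval\(function\(p,a,c,k,e,[dr]\)")

def scan_file(path):
    """Report only, never delete: legitimate iframes are listed too."""
    data = path.read_bytes()
    findings = ["hidden-iframe" if HIDDEN_RE.search(tag) else "iframe"
                for tag in IFRAME_RE.findall(data)]
    if PACKED_RE.search(data):
        findings.append("packed-script")
    if path.stat().st_mode & 0o222:  # any write bit set, i.e. not chmod 444
        findings.append("writable")
    return findings

def scan_tree(root):
    report = {}
    for path in sorted(Path(root).rglob("*")):
        skip = path.suffix.lstrip(".").lower() in IGNORE_EXTENSIONS
        if not path.is_file() or skip or path.stat().st_mtime < IGNORE_BEFORE:
            continue
        if found := scan_file(path):
            report[str(path.relative_to(root))] = found
    return report

def demo():
    """Scan a constructed sample web root (all file contents are made up)."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "index.php": b'<iframe src="http://example.invalid/x" width=1 height=1></iframe>',
        "video.html": b'<iframe src="/player.html" width="640" height="360"></iframe>',
        "lib.js": b"eval(function(p,a,c,k,e,r){return p}('0',1,1,[],0,{}))",
        "logo.gif": b"<iframe width=0>",    # skipped: ignored extension
        "old.html": b"<iframe height=0>",   # skipped: last modified before cutoff
    }
    for name, body in samples.items():
        (root / name).write_bytes(body)
        (root / name).chmod(0o644)
    os.utime(root / "old.html", (1230768000, 1230768000))  # 2009-01-01 UTC
    (root / "video.html").chmod(0o444)
    return scan_tree(root)
```

Calling demo() returns the report for the constructed files; point scan_tree() at a copy of your web root to review real pages.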

IFRAME DE-OBFUSCATORS

a) http://www.novirusthanks.org

b) http://www.patzcatz.com

c) http://www.strictly-software.com

IFRAME UNPACKERS

a) http://matthewfl.com

b) http://blog.shimazu.org

c) http://www.strictly-software.com

IFRAME PACKER

For those who want to see how packing is done with a JavaScript packer.
Make sure to check the "Base62 encode" box or else it will not work.


http://dean.edwards.name/packer


You should use this quick guide only after you have read all related iframe injection articles.

Don't forget that not all iframes are bad. Be sure before you delete.

This article is free for republishing
Source: http://jschembri.articlealley.com/quick-reference-links-to-fight-iframe-injections-1240040.html

