An iFrame injection is a very common cross-site scripting (or XSS) attack. It consists of one or more iFrame tags that have been inserted into a page or post's content and typically downloads an executable program or conducts other actions that compromise the site visitors' computers.
Securing a website from IFrame malware injection is quite important as it may later crash the complete website.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to fix different website attacks.
In this context, we shall look into how to secure a website from iframe malware injection.
Nature of IFrame injection attack ?
In Iframe injection, the hackers inject or insert their IFrame codes to the website. Here, they may make use of the trojan malware.
Usually, here hackers target the index.html, index.php, default.php, or configuration.php pages.
When someone accesses a website, that is infected with malicious code, the browser will download that code (this is a trojan horse/spyware) from the URL present in the IFrame container.
Then all the visitors who visit the infected site will get infected with malicious malware.
How to secure Website From IFrame Malware Injection ?
Here, you will learn ways to secure websites from Iframe malware injection.
Recently, one of our clients contacted us saying that his site was blocked by Google due to some malware content on the website. On investigation, we found that the malware warning was due to the IFrame malware injection in some of the files on the site.
Here is how we remove the IFrame from the website:
i. Firstly, we verify whether there is a threat or not. For that, we scan the webpage or website using any antivirus tool that checks for <iframe> content.
If the result does not show any attacks, then the website is safe and we can ask Google for a review.
ii. However, if the website is infected then we start to remove the malware contents.
In order to get rid of the infections, we need to remove all the IFrame code out of our infected PHP or HTML files.
Steps to remove the IFrame infections ?
1. First, we scan and clean our own computer which we use to connect to our site. The Trojan might be undetectable by some antivirus. So better to format the windows OS and install a fresh copy.
2. We change ALL passwords including the FTP passwords and the website control panel passwords.
3. Also, we check the files on the server for the IFrame code using any tool and we remove it. We can download an antivirus tool that scans the website for <iframe> content.
If it is a WordPress website then there are some great security plugins available like Wordfence that will scan the website's source code for infections and also protect the site.
4. Clearing the CMS’s cache
5. Temporarily, we block access to the website.
6. Replacing the infected file with original files that we have during the last virus-free site backup. Changing the permission to 444 to avoid further injection.
7. If we do not have a backup, then we edit all source code (HTML or PHP files) and search for <iframe> HTML commands inside the code.
Delete the suspicious <iframe> and re-upload all HTML, PHP files to the website.
8. We recheck the files to see whether the IFrames exist or not.
9. Also, we clear our CMS’s cache once more.
10. We make sure to monitor the IFrame attack for some more days.
11. Lastly, we always keep a virus-free backup.