What is Iframe Injection?
A couple of weeks ago I mentioned how memwg.com had been flagged by Google as being a “bad” site because it was hosting “malware”. This wasn’t something I had done, the site was subject to an iframe injection. It took me a while to find and fix the problem, but since I’ve had some questions about iframe injections here is a quick and dirty guide to dealing with them.
The “iframe” Tag
Like most useful things, IFrames can be used for good or for bad.
An injection is something inserted by a third party into a website. The most common kind of injection is a “SQL injection”, which is an injection into a database (SQL is the language commonly used to program and access databases… many people pronounce it as “sequel”, by the way, which is why I say “a SQL injection” as opposed to “an SQL injection”.)
Most injections are SQL injections. If a website developer isn’t careful, they can easily leave backdoors open that nefarious types can use to insert random data into a database… or even worse do things like wipe out the database.
WordPress blogs are ripe for iframe injections, since they’re backed by a database…
An iframe injection is an injection of one or more iframe tags into a page’s content. The iframe typically does something bad, such as downloading an executable application that contains a virus or worm in it… something that compromises a visitor’s system.
If you have a very recent browser (like Firefox 2) then iframe injections aren’t really a worry — these browsers are smart enough not to automatically download and run applications without your permission. But older browsers are more trusting.
Finding IFrame Injections
To find iframe injections, look through the HTML your web server is sending. Open a page in your browser and then use the browser’s “view source” option to see the HTML. Look for <iframe> tags. Injections usually insert iframes that point to raw IP addresses (something like “188.8.131.52”) instead of domain names. Treat these as suspicious.
Once you’ve found an iframe and have determined that it’s not legitimate, you have to remove it from the page or database it’s coming from. On a WordPress blog you simply edit the page in question and look for the <iframe> and remove it.
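The “view source” check described above can be automated over saved page source. This is an added example, not code from the original post: it lists every iframe whose URL host is a raw IP address, and the sample page, the function names and the 203.0.113.7 address are all constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page; 203.0.113.7 is a reserved documentation address.
SAMPLE_PAGE = """<html><body>
<iframe src="https://maps.example.com/embed?id=1" width="400"></iframe>
<IFRAME SRC="http://203.0.113.7/x/index.php" width="0" height="0"></IFRAME>
<iframe src="/widgets/poll.html"></iframe>
</body></html>"""


class IframeFinder(HTMLParser):
    """Collect the src attribute of every <iframe> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IFRAME SRC=...> matches.
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def is_raw_ip(src):
    """True when the URL's host is an IP literal instead of a domain name."""
    url = src.strip()
    if "//" not in url:
        url = "//" + url  # let urlsplit treat "1.2.3.4/page" as host + path
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
    except ValueError:
        return False  # relative path, domain name, or unparsable URL
    return True


def suspicious_iframes(html):
    """Return the iframe URLs in the page that point at raw IP addresses."""
    finder = IframeFinder()
    finder.feed(html)
    finder.close()
    return [src for src in finder.sources if is_raw_ip(src)]


if __name__ == "__main__":
    for src in suspicious_iframes(SAMPLE_PAGE):
        print("suspicious iframe:", src)
```

A hit is only a lead: check each flagged iframe by hand before removing it.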
That’s pretty much it. Keeping your WordPress (or other database-backed software) up-to-date with the latest fixes is the best way to avoid these kinds of problems.