{"id":826,"date":"2009-02-11T18:00:19","date_gmt":"2009-02-11T17:00:19","guid":{"rendered":"http:\/\/www.nivas.hr\/blog\/?p=826"},"modified":"2009-03-13T22:21:36","modified_gmt":"2009-03-13T21:21:36","slug":"all-your-iframes-point-to-us","status":"publish","type":"post","link":"https:\/\/www.nivas.hr\/blog\/2009\/02\/11\/all-your-iframes-point-to-us\/","title":{"rendered":"All Your iFRAMEs Point to Us"},"content":{"rendered":"

\"aybabtu\"Defacing a website is least form of site hacking these days (please, don’t deface us because of this statement :) ). Defacing usually means changing the hacked website’s xhtml files on server or in transport between the server and the client. Completely defaced website attracts attention for a limited number of time, and the whole deal is quickly forgotten. However, defacing a site by silently injecting a 1×1 iframes, javascript or massive amount of links\/subpages can be more lucrative for spammers (link building, visitor stat fraud, malware spread etc.), more horrifying to your business (you will loose visitors while you are blacklisted) and worst of it all – it can’t be that easily detected.
\n
\nI recently witnessed pretty horrible deface. A pal of mine got infected with trojan which sent out his password from FTP programs to automated system, which automatically ftpd to his sites, downloaded all files, changed .html files by injecting tons of spam\/porn\/viagra links and hex javascript code for opening up iframes to malicious sites containing more trojans, and then reuploaded everything up on my pals innocent website. Every visitor to once innocent website was attacked by drive-by downloads of trojans.
\nThis was appended to all html files:
\n[ftf w=”450″ h=”100″]