A few months back, Geekyard was infected by iFrame virus code. My friend Balaji reported the infection to me when Kaspersky detected the malicious script. We then put Geekyard in maintenance mode and searched for the malicious iFrame script in header.php, footer.php and other PHP scripts, but couldn’t find it! Finally, Sucuri.net helped us fix the malware issue. Sucuri scanners use the latest in fingerprinting technology, allowing you to determine whether your web applications are out of date, exploited with malware, or even blacklisted. The scanner also monitors your DNS, SSL certs and WhoIs records. Many WordPress users may face virus and other malware issues. In this article I will discuss in detail how to fix this virus issue 🙂
How to Check Whether Malware Infected Your Site?
Let's now see how to check whether your blog or site is infected with malicious scripts or viruses. Try a free scan with Sucuri 🙂. The Sucuri SiteCheck scanner will check the site for malware, blacklisting status, and out-of-date software.
Once the scanner warns of a malware infection, just follow the steps below to remove the malware from the infected website. Geekyard has been registered with Sucuri for the past year and we are totally satisfied with the service they provide. 🙂
Steps to Remove iframe Virus From your WordPress Blog
- The first step in recovering a website after an iframe injection attack is to shut it down completely during the cleanup process. Put the WordPress blog in maintenance mode. This must be done to ensure that any malicious elements that have been injected are not spread to the computers of unsuspecting visitors.
- The next step is to change all the passwords associated with the website: FTP passwords, SSH passwords, account passwords, database passwords, admin passwords and so on.
- Make a copy of the damaged website. Backing up the database on a regular basis is very important.
- Scan your backup copy with Anti-Virus software like ZoneAlarm or Trend Micro before uploading to the web server to ensure that the backup copy is free from viruses and Trojan horses.
- After the site has been restored from a clean backup copy, it must be checked. Then remove maintenance mode and reopen it to the public.
Common Reasons for iFrame Virus Injection
These are some of the reasons for iFrame malware infection on several websites.
- The website is hosted on a cheap web hosting service.
- The website is using an old version of an open source application (e.g. WordPress) which has known security issues.
- File permissions on the server are not set appropriately (e.g. every file and folder on the server is set to 777 read-write-execute).
- Weaknesses in the application code. For example, there is not sufficient input validation.
- FTP rather than SFTP is used.
- There is no IP restriction for SSH and FTP accounts.
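As an added example (not from the original article or from Sucuri), this Python script covers two checks from the lists above on a local copy of the site: it searches PHP, HTML and JS files for iframes that are hidden from visitors, and it reports files that are world-writable, as with mode 777. The hidden-iframe heuristics (0 or 1 pixel size, `display:none`, `visibility:hidden`) are assumptions about what an injected iframe commonly looks like, and the sample files and domains are constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Heuristics (assumptions, not from the article): injected iframes are usually
# invisible, i.e. zero/one-pixel sized or hidden with CSS.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01](?:px)?["'\s>]"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""", re.IGNORECASE)
SCAN_EXT = (".php", ".html", ".htm", ".js")


def scan_tree(root):
    """Return (hidden_iframes, world_writable_files) found under root."""
    hidden, writable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.stat(path).st_mode & stat.S_IWOTH:  # e.g. mode 777
                writable.append(rel)
            if not name.lower().endswith(SCAN_EXT):
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for tag in IFRAME_RE.findall(line):
                        if HIDDEN_RE.search(tag):
                            hidden.append((rel, lineno, tag))
    return sorted(hidden), sorted(writable)


def build_sample(root):
    """Constructed sample: a normal video embed and a hidden 1x1 iframe."""
    files = {
        "header.php": ('<iframe src="https://video.example/e" width="560" height="315"></iframe>\n', 0o644),
        "footer.php": ('<?php wp_footer(); ?>\n<iframe src="http://injected.example/" width="1" height="1"></iframe>\n', 0o777),
    }
    for name, (body, mode) in files.items():
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

A hit is a lead for manual review rather than proof of infection, since legitimate plugins also embed iframes, and injected code may be obfuscated so that no literal `<iframe` tag appears in the file.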
I hope this article gives you detailed information on iframe malware and a solution to fix the iframe malware issue 🙂