1

My website has been hacked. I am observing how hacker accesses my site. Though I have been using bindparam to prevent from sql injection and direct access restriction for backdoor attack, hacker's change my index.php page and run their own script. S/He put following line <iframe width='1' height='1' src='https://www.youtube.com/embed/hKdyS_bgUbM?rel=0&autoplay=1&loop=1&playlist=RvpkUhrTmxY' in their uploaded html script.

I doubt I am become victim of xss attack. So I search in google about possible script attack and found about iframe injection. And in one youtube video, it is said that - if your iframe's width and height can be changed, iframe injection can be easily applied and hacked. What he is saying ?

I inspect element through mozila firefox inspector, my iframe's width and height can be changed and applied in body live iframe. Does he talk about my case ? Is my website hacked by iframe injection ? If it is, how to prevent. My website is still vulnerable, because I have only removed their index.php code and restore previous index.php which had been hacked, nothing has been changed. Please help.

Dipak
  • 113
  • 3
  • No, the problem is most likely not XSS or Iframe stuff here. Take down your site, tell your hoster what happened, and then make a clean install of up2date software. – deviantfan Jul 14 '18 at 20:35

1 Answers1

5

Is my website hacked by iframe injection?

No. Iframe injection means that an attacker has altered your site to load a malicious site's content into your page, carefully hidden. The injection refers to the malicious content being loaded into the browser that goes to your site, not how the malicious code was put onto your site.

When you say

hacker's changed my index.php

and

I have only removed their index.php code and restored previous index.php which had been hacked

That indicates to me that your site must have been hacked in another way, one that allowed the attacker to modify the files on your disk.

To recover, you need to determine how, tighten security, go back to a clean version, and try to monitor for it happening again. A canonical answer on how to recover from a hacked site is How do I deal with a compromised server?

gowenfawr
  • 72,355
  • 17
  • 162
  • 199