Over a past few months there have been so many complaints regarding malicious iframe codes or java scripts. When Google find such website it puts it into black list or shows a red flag to the websi It hurts the reputation of the webmaster too.I remember very well when my website got hit by a malicious iframe codes. As a beginner I was totally unaware of it but luckily I found some resources that really helped me a lot (I will share it in my upcoming post).
First of all have a look at Wikipedia definition of iframe code: According to Wikipedia iframe is…..”An IFrame (Inline Frame) is an HTML document embedded inside another HTML document on a website. The IFrame HTML element is often used to insert content from another source, such as an advertisement, into a Web page. Although an IFrame behaves like an inline image, it can be configured with its own scrollbar independent of the surrounding page’s scrollbar. In 2008 hackers started to hack prominent websites using ifrmae codes”.
First thing first how do you save your website from iframe code:
- Keep your antivirus updated and regularly check your computer for malicious iframe codes and other viruses.
- Always download plugins and theme from the author’s website only or from the reliable source. Be careful while downloading from third party website. I see some bloggers downloading paid themes from rapidshare and other file hosting websites for free. My suggestion is to use legal theme as you won’t know the codes inside the theme
- Never upload anything to your FTP account at cybercafe or college PC. I usually blog from college PC, but I never upload anything to my FTP account from there. Once Techgenuine got infected with malicious iframe when I uploaded few plugins from college PC.
- Always use FTPS while uploading the plugin or theme.
- Scan all plugins or theme before uploading it to FTP to be on safer side.
- Make sure you have set the right permission for all your directories and especially .htaccess file. If your .htaccess file is writable then there is a very good chance that your website will get hacked sooner or later.
- Upgrade to latest version of wordpress as it covers many security patches.
- Always use strong password for your accounts and keep it changing frequently.
Summary: Use always legal plugin and theme. Before uploading it to your FTP account check it once with your antivirus.
Keep watching Techgenuine as next part will cover some online resources and more idea about iframes and java scripts.
Related Posts:
![[How To]Save Blog From Malicious Iframe Codes-Part2](http://geniusgeeks.com/blog/wp-content/uploads/2009/08/virus.jpg "[How To]Save Blog From Malicious Iframe Codes-Part2")
[How To]Save Blog From Malicious Iframe Codes-Part2
Download antivirus plugin for your wordpress to make your blog secure
August 2009 Best Posts And 125×125 Ad Winnerwordpress-feed-validation-problem.png" alt="[How to] Fix WordPress RSS Feed Validation Problem" title="[How to] Fix WordPress RSS Feed Validation Problem" width="50" height="50" border="0" class="crp_thumb" /> [How to] Fix WordPress RSS Feed Validation Problem
Simplegant SEO Optimized WordPress Theme Detailed Features
{ 9 comments… read them below or add one }
Hey buddy great post
BDW can you throw some more light on the fact
that we should not use FTP to upload on public places?
and how iframe can cause malicious code, I feel this
info. is missing.
@Gourav Sharma
Thanx for asking this. If you look at the post carefully then you can observe that I didn’t say that all iframe codes are malicious. Iframe code is an Inline frame codes that is used between html tags. It starts with “iframe” tag. I don’t want to go much in details as it is a comment section, I will cover it in my post.
Some useful resources for malicious iframe code: http://www.techzoomin.com/protect-your-blog-from-iframe-malicious-programs/ (where you can find my comment also)
http://hubpages.com/hub/IFRAME-Virus-injecting-malicious-code
Thanx for asking this question. I guess my post sounds like “iframe codes” are malicious to the readers but I didn’t mean to say that.
Second question: BDW can you throw some more light on the fact
that we should not use FTP to upload on public places?
This is I said as a precautionary measure. I faced the same problem when I uploaded a plugin via “FTP” server from my college PC (link for my problem: http://www.techzoomin.com/protect-your-blog-from-iframe-malicious-programs/ ). I downloaded the file from the wordpress plugin directory itself but after unzipping the plugin somehow my plugin got affected with iframe codes (DiggDigg plugin to say exactly). I just wanted to covey beginners to not upload files from public place or college as it might get infected with viruses (If it is trusted then it is ok to upload from there). I hope I cleared your doubt. Again thanx for asking it over here.
Nice and very informative info Ricky. Thanks for sharing. Never use FTP since from beginning.
.-= shraqs´s last blog ..Wyzo – Mozilla-Based Media Browser For Download Enthusiasts =-.
@shraqs
I usually upload my content from dashboard itself. Thanx for the comment
Nice points. I would like to share some experienced I had with these while troubleshooting a friends blog last month. Of course he got the rapidshare theme of a paid one and the people who shared that inserted strange encrypted codes in that.
He installed the theme and google began removing his indexing one by one until he ask me for help. At first its really hard to even see these malicious codes. I decided to switch to his previous theme and just day after google began reindexing.
While examining the code of the illegal theme version, i noticed that the malicious codes were added to it footer. In fact it was not really a malicious code but was a link toward a porn site. The worst is that that specific site is black listed on google.
What I wanna say is that even if u accidentally link to a black listed site you can get penalised as g-bots sees it like you are promoting and illegal activity.
.-= Kurt Avish´s last blog ..Google Hot Trends for other Countries =-.
@Kurt Avish
Very valid points for not using pirated theme. I also don’t considered it ethical. Sometimes we don’t bother to look at the codes of the theme and later we realizes the mistake. Thank god it was not too late in your friend’s case. Thank you very much for taking a time to share your experience over here.
Its a very nice and informative article. Very useful info thanks for sharing it.
louis vuitton handbags
@Louis
Thank you for liking the article
if you have a lot of articles or content on Hubpages, you can really get lots of traffic and in turn you can make lots of money from it.”,
{ 1 trackback }