Few months back Geekyard was infected by iFrame virus code. My friend Balaji reported this infection to me when Kaspersky detected this malicious script. Then we put Geekyard in maintenance mode and searched for iFrame malicious script in header.php, footer.php and in other PHP scripts but couldn’t figure it out!!!. Finally Sucuri.net helped us in fixing this malware issue. Sucuri scanners use the latest in fingerprinting technology allowing you to determine if your web applications are out of date, exploited with malware, or even blacklisted. Our Scanner also monitors your DNS, SSL certs & WhoIs records. Many WordPress users may face virus and other malware issues. In this article I will discuss in detail on fixing this virus issue 🙂
How to Check Whether Malware Infected Your Site?
Lets, now see how to check whether your blog or site is infected with malicious scripts, virus or not? Try a free scan check in Sucuri 🙂 . Sucuri SiteCheck scanner will check the site for malware, blacklisting status, and out-of-date software.
- Just goto http://sitecheck.sucuri.net/
- Enter the website URL and click Scan Website.
Once the scanner warns malware infection. Just follow the below steps to remove malware from infected website. We registered Geekyard in Sucuri for past one year and we are totally satisfied with the service they provide. 🙂
Steps to Remove iframe Virus From your WordPress Blog
- The first step in recovering a website after an Iframe Injection attack is to shut it down completely during the cleansing process. But the WordPress blog in Maintenance mode. This must be done to ensure that the malicious elements that may have been injected are not spread to the computers of unsuspecting visitors.
- The next step is you need to change all the passwords associated with the website like FTP passwords, SSH passwords, account passwords, database passwords, admin passwords and so on.
- Make a copy of the damaged website. Backup of database is very important on regular basis.
- Scan your backup copy with Anti-Virus software like ZoneAlarm or Trend Micro before uploading to the web server to ensure that the backup copy is free from viruses and Trojan horses.
- After the site has been restored from a clean backup copy, it must be checked. Then remove maintenance mode and reopen it for public.
Common Reasons for iFrame Virus Injection
These are some of the reasons for iFrame malware infection on several websites.
- The website is hosted on a cheap web hosting service.
- The website is using an old version of an open source application (eg: WordPress ) which has known security issues.
- File permissions on the server are not set accordingly (eg: every file and folder on the server is set to 777 read-write-execute).
- Weakness in an application code. For example, there is not sufficient input validation.
- FTP rather than SFTP is used.
- There is no IP restriction for SSH and FTP accounts.
I hope this article will give detail information on iframe malware and solution to fix iframe malware issue 🙂
Nice article, malware and spyware are a pain when they infect either your computer or website…
There are a few other things you can do to secure your WordPress installation.
– Don’t use wp_ as your database table prefix.
– Don’t have a user called ‘admin’.
– Make sure your passwords aren’t easy to guess.
– Use a plugin like ‘limit login attempts’.
– If you have a static IP, limit access to the wp-admin folder.
– Keep your themes & plugins up to date!
Short and sweet suggestions buddy 🙂
Malware is one of the most annoying things ever invented indeed. Pretty useful advice how to deal with all that viruses invading your blog.
after reading this topic ” Steps to Remove iframe Virus From your WordPress Blog ”
I have taken the action against my website thanks for helping and saving my wordpress blog 🙂
Really happy to see your website without any malicious script,
and saved many users by you keeping your site by maintenance mode ,while affected by that malicious code, it’s really a great job my friend,
Thanks Balaji for the timely help 🙂
Malware is one of the most annoying things ever invented.
A lot of wordpress sites have been hacked by the so-called god_mode_on virus lately. It is very likely that this was what hit them.
Kind Regards