Malware Related > Compromised Servers

Code injected just before closing html. Difficulty locating source.

(1/2) > >>

howardf:
Hopefully someone here can help. I am getting an iframe inserted into a served webpage just before the closing html tag. I am having trouble locating the source. To be clear it does not show up in the source at the location it does when served. The site is PHP containing HTML, Javascript. There are Google and OpenX ads being displayed. The iframe contains a reference to http://dreamonisland.com/js/google.js.

Any pointers would be helpful

Howard

MysteryFCM:
Apologies for taking so long.

Can you give us the URL to the affected page(s) so we can take a look please? (could you also tell us if the pages are static HTML, or contain dynamic content (i.e. pulled from a database)).

howardf:
The site is mostly dynamic with some static content.

MysteryFCM:
Sorry for taking so long, I'm currently swamped with work and migrating to a new machine.

Has this been resolved yet?

howardf:
After a fashion. We got the iframe to inject itself in between comment tags via a dummy closing html tag. Currently its appearance is erratic. We are still unclear on the origin.

Navigation

[0] Message Index

[#] Next page