Author Topic: HTML: lframe-inf on my webstore. Please help.  (Read 14038 times)

Offline jeff.cain

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
HTML: lframe-inf on my webstore. Please help.
« on: March 25, 2009, 03:50:03 PM »
Hi,
I run an online door business at www.doorclassics.com . I went to my website today and Avast gave me the warning not to access the site because of virus / worm "HTML: lframe-inf .  Please any advice would help, I do not want to lose our reputation we have worked so hard to build up.
Thank you all in advance.
Jeff Cain

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #1 on: March 25, 2009, 04:11:30 PM »
Actually, I can't really see anything wrong with the code on that page.

I'm no expert developer or coder though, so hopefully someone else can take a look at it and find out what's setting avast off.  Good luck!
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #2 on: March 25, 2009, 04:14:47 PM »
nevermind, I figured it out.  At the end of that page, you have code that runs outside of the </html> tag.

Here's a snapshot:
Quote
</body>
</html>
<!-- text below generated by server. PLEASE REMOVE --><!-- Counter/Statistics data collection code --><script language="JavaScript" src="http://us.js2.yimg.com/us.js.yimg.com/lib/smb/js/hosting/cp/js_source/whv2_001.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1238001167" alt="setstats" border="0" width="1" height="1"></noscript>

Get rid of that, and you should be ok.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #3 on: March 25, 2009, 04:20:53 PM »
Your site has been hacked there is a hidden iFrame tag inserted just after the opening Body tag

See image of the code, I have broken it down to make it easier to view (it was on a single line).

Note: there is a couple of <script> tags inserted after the closing html tag and a <noscript> tag, a standards, no, no. These however aren't what avast is alerting on but the hidden iframe.



Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #4 on: March 25, 2009, 04:28:21 PM »
Note for scythe944.

When looking for some suspect script, you can use the avast detection as a bit of a helping hand. Where this detected an iframe, I just do a search for <iframe in the source code and that found the only iframe on the page. So it does make it a bit easier to find. If it related to a script issue JS, etc. then I look for <script tags.

If the script tags were the issue, posting them on this site would result in the same detection on this page. So even if they were wrapped in the Code tag would still be detected, which is why I generally use images to display any suspect code.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #5 on: March 25, 2009, 04:28:54 PM »
Thanks man.  I thought I had it!  ;D

Oh, and I guess I'll start making pics of the code too... Sorry 'bout that, and thanks again.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #6 on: March 25, 2009, 04:33:01 PM »
You're welcome.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline jeff.cain

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #7 on: March 25, 2009, 04:59:50 PM »
Thanks guys for your quick response.  I built the whole site using frontpage and Yahoo's store, and I know almost nothing about HTML code itself.  We hired getupdated.com for SEO and they have been working on the code.  Can I fix this just by simply removing the html you pointed out?
Thanks again

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #8 on: March 25, 2009, 05:03:23 PM »
It looks like it.  The bigger problem is how the code got entered in the first place.

Either someone has hacked into your site, (so change your passwords for the web server) or the people that you hired has put that malicious code on your site, and you should be asking them why.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline jeff.cain

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #9 on: March 25, 2009, 05:27:26 PM »
I would like to get the HTML to accepted standards, could you explain exactly which code DavidR was referencing being after the HTML closing tag.  My html editor isn't showing anything after the closing tag.
You guys are a life saver!

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #10 on: March 25, 2009, 05:40:26 PM »
Well, DavidR was pointing out the actual code that was causing the IFrame message that Avast was complaining about.

You can find that code by searching for "iframe" in your html editor.

As for the code that I found, which is html code that was placed outside of the closing html tag (</html), that's located all the way at the bottom of the page.

There shouldn't be ANYTHING after </html>.  That tag basically means, this is the end of the page.  So, if there's more code after that, it should be above the </html> tag, not after it.

Hopefully you understand what I'm saying!

EDIT

I'll re-post my quote and add some color on the subject...

Quote
</body>
</html>
<!-- text below generated by server. PLEASE REMOVE --><!-- Counter/Statistics data collection code --><script language="JavaScript" src="http://us.js2.yimg.com/us.js.yimg.com/lib/smb/js/hosting/cp/js_source/whv2_001.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1238001167" alt="setstats" border="0" width="1" height="1"></noscript>

Alright, the blue code "</html>" should be the end of your page, but as you can see, the code in red is past that.  You either need to delete the red code, or move it above the blue code in order for it to be within spec.
« Last Edit: March 25, 2009, 05:43:49 PM by scythe944 »
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline jeff.cain

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #11 on: March 25, 2009, 06:21:45 PM »
I figured out why I can't see it.  Yahoo (my web hosting provider) is adding it to my code upon publishing.  Even when I use Yahoo's html editor, it doesn't show up.  It appears the server is alerting me to remove something in my code but I can't find what it is talking about.  Any ideas!

Offline Mr.Agent

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2773
  • Proud to be an avast! user.
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #12 on: March 25, 2009, 06:25:45 PM »
Contact the guy that builded your web will be my solution but if another ppl got some feel free to post :D
Smart phone LG G2 - (Specs) Processor Quad Core 2,26 GHZ - 2048 MB RAM - True IPS LCD Full HD 1080p Screen - 13 MP Camera 1080p HD of 60 fps - (Security) avast! Free Mobile Security with Anti-Theft

A beast is a beast, she will stay strong until she lives... -Mr.Agent

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #13 on: March 25, 2009, 06:27:15 PM »
LOL. Sorry to laugh, but it's kind of comical.

I can only tell you to call Yahoo's tech support (if that even exists) to see if they could help you out.  I run several websites myself, but I use my own servers to host them, so I'm sorry, but I don't know how to help.

Hopefully someone else can guide you further, or Yahoo can help personally...
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: HTML: lframe-inf on my webstore. Please help.
« Reply #14 on: March 25, 2009, 06:30:11 PM »
@ jeff.cain
It should also be before the closing Body tag also if it is legit and you want it displayed on the page.

I couldn't recall if is a footer tag, having done a bit of a google there is a new footer tag in the HTML5 standards. All my web design was done in HTML4 standard. http://www.w3schools.com/tags/html5_footer.asp, this w3schools site also seems a very good source of information, http://www.w3schools.com/default.asp.

Frontpage, depending on what version may or may not be standards compliant, given that it is an M$ tool it used to have proprietary html tags that only worked with IE. So if you are serious about this you should ensure you have an html application that is wc3 compliant.

Yahoo may be getting its return in the price of free hosting, if you are paying for hosting I would be very p***ed off about it editing 'my' site. So I would be talking to Yahoo about the code being tagged to your page as shown in this topic.

I would also be complaining about my site being hacked and what were they going to do about this, their hosting software should really offer protection against this type of thing. You should also change your password you use to log on to edit the site to something much stronger.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now