Author Topic: Help HObby Store Owner with lframe isssues  (Read 7680 times)

0 Members and 1 Guest are viewing this topic.

lgfc_2012

  • Guest
Help HObby Store Owner with lframe isssues
« on: July 16, 2012, 09:37:06 PM »
I am a small hobby store owner.  I recently downloaded avast trial version, and have it currently running.
I went to my site and noted that many pages were coming up lframe-inf.
I followed the instructions on the original post but could not find any lframes on my pages.
Hoping someone can help  ::)
 
Any help appreciated.  :D
Thanks for your time in this matter  :D 
« Last Edit: July 17, 2012, 12:32:26 AM by lgfc_2012 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help HObby Store Owner with lframe isssues
« Reply #1 on: July 16, 2012, 09:38:56 PM »
It looks to be in the fav icon

I will ask iDonovan to have a look when he gets here  ;D

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Help HObby Store Owner with lframe isssues
« Reply #2 on: July 16, 2012, 09:56:56 PM »
Hi lgfc_2012,

Is there any specific page that avast! alerts? If you would please post a screenshot of the alert.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Help HObby Store Owner with lframe isssues
« Reply #3 on: July 16, 2012, 10:04:07 PM »
Hi !Donovan,

I answered in the other post open on this issue.
The alert is from Avast Webshield Malware being blocked Avast has blocked a malicious website or file
Object: hxtp://www.ladygouldianfinch-ca.com/favicon.ico (malware doing a redirect)
Infection: HTML:Iframe-inf
Process (browser executable)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help HObby Store Owner with lframe isssues
« Reply #4 on: July 16, 2012, 10:04:55 PM »
Here it is

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Help HObby Store Owner with lframe isssues
« Reply #5 on: July 16, 2012, 10:15:02 PM »
Hi essexboy,

Only difference that I got that txt in Dutch and for chrome.exe (as I went there with Google chrome).
Sucuri gives this report with security warnings: http://sitecheck.sucuri.net/results/www.ladygouldianfinch-ca.com/
IP-location risk also plays here and security issues as I mentioned in the other posting.
Site gives away full version number of server software to the world, that is a security risk
Site has FrontPage/5.0.2.2635
Powered by: PHP/5.2.14
with many security flaws that can be abused by malcreants, especially PHP is "renowned" insecure,
but here it seemed to have been a hidden iFrame,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

lgfc_2012

  • Guest
Re: Help HObby Store Owner with lframe isssues
« Reply #6 on: July 16, 2012, 10:19:11 PM »
What does this mean? 
I am no web developer so am having someone do the site bit by bit.
What is the .ico is that the flash player.   If not, is it nec? Can I delete it?
appreciate the help   

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Help HObby Store Owner with lframe isssues
« Reply #7 on: July 16, 2012, 10:22:28 PM »
They should check your error handling in the .htaccess file,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

lgfc_2012

  • Guest
Re: Help HObby Store Owner with lframe isssues
« Reply #8 on: July 16, 2012, 10:28:08 PM »
where is this .htaccess file found ?
Am in the site now so can fix it if I know where it is.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Help HObby Store Owner with lframe isssues
« Reply #9 on: July 16, 2012, 10:31:08 PM »
favicon.ico seems to lead to the 404 page that contains the iframe redirect.

Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Help HObby Store Owner with lframe isssues
« Reply #10 on: July 16, 2012, 10:35:33 PM »
No, this should be done at the server where your website is being hosted. You should take the issue up with them at cp5.hostserve.net,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

lgfc_2012

  • Guest
Re: Help HObby Store Owner with lframe isssues
« Reply #11 on: July 16, 2012, 10:37:46 PM »
ok fixed the 404 now what?

lgfc_2012

  • Guest
Re: Help HObby Store Owner with lframe isssues
« Reply #12 on: July 16, 2012, 10:39:58 PM »
What do i say to hostserve?  How can I get better protection from them?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Help HObby Store Owner with lframe isssues
« Reply #13 on: July 16, 2012, 10:45:14 PM »
I see there 2 instances of it GET /favicon.ico HTTP/1.1:
response: HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 16 Jul 2012 20:39:00 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Accept-Ranges: bytes
Content-Length: 1269
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive

And for your hosting service, you could give a link to this thread and the oyher one,

polonus
« Last Edit: July 16, 2012, 10:47:01 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Help HObby Store Owner with lframe isssues
« Reply #14 on: July 16, 2012, 10:49:07 PM »
ok fixed the 404 now what?
I still get the iframe.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."