HTML: lframe-inf on my webstore. Please help.

[jeff.cain]

waiting on Yahoo's tech phone call...  I'll let you know if they shed any light on it.

[scythe944]

Good deal.  I hope they can help!

[jeff.cain]

They said it is on every Yahoo hosting account and store account.  It is their data collection code and they said they have never had any problems from it.  I don't really have an option to remove it, so I guess it stays.  Sorry to waste you guys time, but again thanks so much for fixing the hack on my store.

[DavidR]

You're welcome.

If they are going to insert code than tell them they should be complying with wc3 HTML standards.

What stats are they gathering (more importantly did they tell you about this and did you agree to it) ?

What did they say about your site being hacked ?

Of course you have a say in it, vote with your feet/wallet and seek out another hosting company and one that remembers their position as a service provider and you being the customer.

[jeff.cain]

I started building the site with them in 2004 so I'm sure I agreed to their terms somewhere.  It does state in their privacy policy that I display on my page that they collect data regarding your shopping experience.  As far as voting with my feet, I wish it were that easy.  I built almost the whole store on their yahoo store proprietary software.  I know I could rebuild, but that is all I have been using since 2004 and I already have a non webrelated full time job taking up my time (plus a wife and 3 kids!)  For now it will have to stay with yahoo.  Overall I have been satisified with their service.

[jeff.cain]

I didn't even ask about being hacked.  I have used the same password for waaaaaaaay too long.  So I'm sure some of that fault rests with me.

Last question- what would that virus have done if any of my customers picked it up?

[DavidR]

The hosting software is also an area which might be exploited, though more common in php sites.

It is a total unknown as to what might have happened as the iframe went to a Chinese domain and there could be absoultely anything at that end as it is executing a cgi script could be benign in that they are trying to display something to tempt customers to part with money or it could be malicious.

There is just no way to find out without leaving yourself open to the exploit and there is no way I would even consider that.

[kubecj]

Guys, it looks like you're mixing two things together:

The yahoo counters at the end are BENIGN, and Yahoo is right it's used for their stats.

The chinese iframe at the beginning is DETECTED. You should only remove it and think how it got to your code.

[jebje]

I bought hosting from yahoo, and i have the same problem at the moment. After reading everything here i couldn't understand what will i do to fix it.
I am near to crying lol..

Can you say me what to add or what to delete from my pages? "  :'(

[kubecj]

First please provide us the link to your pages. We are good, but not that good to guess it 

[jebje]

Oki you are right. Here is my links,

www.cemredesigns.com/index.html

www.cemredesigns.com/shop.html

etc.

[kubecj]

And, what exactly is your problem? I don't see anything strange there, and avast! does not find anything there.

[polonus]

Hi kubecj,

You have turned this into one of your specialism, haven't you? Chapeau! Seen to the 200% increase recently in malicious vectors launched from infected websites, what avast is doing here is really very impressive.

I from my end started some discussion  an initiative here to get more interest for the implementation of CSP, also known as Content Security Policy, a security policy for both browsers (IE, Fx, etc.) and web application(s) to set the framework wherein both browser and service  can communicate secure, so third parties have no chance of breaking in.
Re: http://forums.mozillazine.org/viewtopic.php?f=48&t=1073125

Just have to see who will jump on the bandwagon with CSP, but until the time the initiative is adhered to on a larger scale we will depend on what avast is doing here and also use script/request/preference blockers like NoScript, RequestPolicy and PrefSwitch,

polonus

[jebje]

oki, it says

!-- text below generated by server. PLEASE REMOVE --><!-- Counter/Statistics data collection code
<script language="JavaScript" src="http://us.js2.yimg.com/us.js.yimg.com/lib/smb/js/hosting/cp/js_source/whv2_001.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1238794000" alt="setstats" border="0" width="1" height="1"></noscript>


My page is not that short actually, and only i can see a blank page with a little graphic in left side when i enter my website

[kubecj]

This is perfectly legal code from yahoo. Nothing malicious.