Hi all, Has anyone had a problem with the iframe injection worm in windows. This is a worm that crawls folders in your computer looking for html documents or any other type of document that can be uploaded to a web server and requested via a browser e.g. index.php and adds(injects) an iframe into the page such that the iframe will be uploaded to the server and every time the page is accessed a script is executed that might compromise your site users security. This is just a word of warning. So before you start using windows as your development environment and before you using filezilla before submitting your files to the server, make sure they have no iframes pointing to some chinese website. Or to make it simple for you, develop on linux. -- Solomon Kariri, Software Developer, Cell: +254736 729 450 Skype: solomonkariri
and for those who don't want to throw the baby out with the bath water, keep your antivirus up to date, patch your web server and keep your content management systems updated and get some books on secure web development. and for those who still fondly imagine script injection is only a windows issue, endeleeni kulala. mtashangaa On 10/15/09, solomon kariri <solomonkariri@gmail.com> wrote:
Hi all, Has anyone had a problem with the iframe injection worm in windows. This is a worm that crawls folders in your computer looking for html documents or any other type of document that can be uploaded to a web server and requested via a browser e.g. index.php and adds(injects) an iframe into the page such that the iframe will be uploaded to the server and every time the page is accessed a script is executed that might compromise your site users security. This is just a word of warning. So before you start using windows as your development environment and before you using filezilla before submitting your files to the server, make sure they have no iframes pointing to some chinese website. Or to make it simple for you, develop on linux.
-- Solomon Kariri,
Software Developer, Cell: +254736 729 450 Skype: solomonkariri
Got hit by that recently after using filezilla in a cyber...did not look for a solution, just dropped the account and started fresh...got solutions? On 10/15/09, solomon kariri <solomonkariri@gmail.com> wrote:
Hi all, Has anyone had a problem with the iframe injection worm in windows. This is a worm that crawls folders in your computer looking for html documents or any other type of document that can be uploaded to a web server and requested via a browser e.g. index.php and adds(injects) an iframe into the page such that the iframe will be uploaded to the server and every time the page is accessed a script is executed that might compromise your site users security. This is just a word of warning. So before you start using windows as your development environment and before you using filezilla before submitting your files to the server, make sure they have no iframes pointing to some chinese website. Or to make it simple for you, develop on linux.
-- Solomon Kariri,
Software Developer, Cell: +254736 729 450 Skype: solomonkariri
-- Sent from my mobile device ------------- http://blog.majibu.com
I got hit by that a few months back....its not funny at all! On Thu, Oct 15, 2009 at 08:20, David Mugo <raidarmax@gmail.com> wrote:
Got hit by that recently after using filezilla in a cyber...did not look for a solution, just dropped the account and started fresh...got solutions?
On 10/15/09, solomon kariri <solomonkariri@gmail.com> wrote:
Hi all, Has anyone had a problem with the iframe injection worm in windows. This is a worm that crawls folders in your computer looking for html documents or any other type of document that can be uploaded to a web server and requested via a browser e.g. index.php and adds(injects) an iframe into the page such that the iframe will be uploaded to the server and every time the page is accessed a script is executed that might compromise your site users security. This is just a word of warning. So before you start using windows as your development environment and before you using filezilla before submitting your files to the server, make sure they have no iframes pointing to some chinese website. Or to make it simple for you, develop on linux.
-- Solomon Kariri,
Software Developer, Cell: +254736 729 450 Skype: solomonkariri
-- Sent from my mobile device
------------- http://blog.majibu.com _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
participants (4)
-
Daniel Ndeti -
David Mugo -
Rad! -
solomon kariri