As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread:

Website infection - iFrame injection - help?

Sharp101Sharp101 TorontoRegistered User regular
edited March 2011 in Help / Advice Forum
Long story short, my sites hosted at Dreamhost have all been infected by iFrame injection.

Over the weekend I noticed that the /index.php files for my various personal and in-development client Wordpress bases sites had a little snippet of code inserted on line 1. It's some base64 decode in the actual php files that results in an iframe when compiled. Something like this: (iframe tag edited for safety)

[HTML]<ifra me src="; width="1" height="1"></ifra me>[/HTML]

I can easily remove the base64 call from each file, but that only lasts a couple hours and it's back again.

How the hell can I get rid of this?

I thought it might have something to do with wordpress security, but I had one non-wordpess based site infected as well (index.php of course). I looked into it a little and I've read it might be the actual shared hosting server that's infected?

I have submitted a ticket to dreamhost support, but I figured I would get some outside advice as well.

Sharp101 on


  • Options
    bowenbowen How you doin'? Registered User regular
    edited March 2011
    Sounds like someone's got access to your account rather than continual injection. Clear everything, put up a placeholder page, and change passwords (on a different account) and see if that solves your issue.

    Once that's done, if you are free and clear for a few hours, go ahead and start reuploading stuff.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    InfidelInfidel Heretic Registered User regular
    edited March 2011
    If one of your sites on DreamHost is exploited to add script to each file, it can access all of your sites because you probably only have one user setup for all your domains like most people.

    Review your logs, find the attack vector, take down the software/exploit.

    Infidel on
Sign In or Register to comment.