Assalam-o-Alaikum,

A big problem which is now a days to thousands of websites, which is IFrame code Virus/Trojan. Some virus infected sites targetting a site and automatically putting Iframe tag, which is infecting the site.

Same problem happen to me with my site, I have apply many things, but after 2 to 3 days again the iframe code appearing, any one has the solution that how to protect website pages from the iframe code virus.

Or have any strong script to block iframe script in webpage.

One of the more common attacks or threats to Web applications is some form of code injection in web pages, which Wikipedia defines as:

... a technique to introduce or "inject" code into a computer program or system by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs. The purpose of the injected code is typically to bypass or modify the originally intended functionality of the program. When the functionality bypassed is system security, the results can be disastrous.

This is happened by two reasons:

1: Most cases when this happens your home computer are compromised by a virus which compromises their FTP username and password and then gives the attackers the ability to just upload the code via FTP.


2: Hackers can inject their malware codes in web pages especially in php scripts, its called web worms. What actually happens is this that a hacker can upload a script via xss ( cross site scripting ) or if html or many keyboard symbols like >/% etc are allowed in online forms or in forum postings then it becomes more easier for the
hackers he can easily post his code in the post and then it resides on
this account on the server.

Please visit below link for more details:

http://www.theserverpages.com/articles/webmasters/php/security/Code_Injection_Vulnerabilities_Explained.html

So whenever any site getting effected by this code injection the owner of this site always blames to the web hosting provider that your server is not secure. But that's not a web host fault. This is script developer's duty to make script secure by not allowing wrong postings in web form, site comments, guestbook entries etc.

To verify that not a web host fault you can search "code injection" at google and you will find many articles on it by reading some of the articles you will be cleared that that's not a web host server fault but a script developer can do anything to resolve it.

For your convenience, below are some links on that topic which you should read:

http://www.spidynamics.com/spilabs/education/articles/code-injection.html

http://www.technicalinfo.net/papers/CSS.html

http://www.ibm.com/developerworks/library/x-xpathinjection.html

That's has been a global problem and lot of sites being effected by code injection attacks everyday, if you want to verify just search "code injection" at google and you will find a lot of discussion on it.

So you are requested to please, if at any time your site is being affected by code injection, don't simply blame to us instead read the "preventive measures" provided in the articles at above provided links to safe you and also check your home computer is not compromised by a virus.