Graham Slam
Fri 20 April 2007, 03:21 pm GMT +0200
Did anyone get hit with IFRAME? It basically threw a line of code in my index file to redirect, etc. My webhost took the stance of this is your site and you manage the content. Though I would debate that if something is on your servers, then it could spread to other nodes using the same server and therefore it is your responsibility to clean your servers for your customers.....
Google rewarded me with "This site may harm your computer" and the stopbadware.org garbage. Which made us fix the issue - I honestly was not even aware that this was going on - like everyone else - no e-mail, msg, just a banner on the Google results that would not let you in to our site.
Anyway, our website sat in the top 3 on Google for 3-4 years and now after this has been fixed, got a new webhost, tweaking the site a little, I'm monitoring things more closely now. I wonder if we'll bounce back for traffic because now we sit at about 80 with a pagerank of 3. Still though MSN & Yahoo didn't penalize us..... any comments? - Graham
Nikolas
Fri 20 April 2007, 08:03 pm GMT +0200
I don't understand. How can an <iframe> become a problem?
Did someone hack you and run a script using this iframe, or did something else happen?
Graham Slam
Fri 20 April 2007, 08:17 pm GMT +0200
Yes, that's exactly it - There was a nice 2-3 lines of code that got into the header of the index file. My webhost said it was IFRAME. I say it was a line of code executing some viral type spam or redirect. In any case, we got flagged for it.
vbignacio
Sat 21 April 2007, 12:31 am GMT +0200
If it redirects, you should have seen it and removed it before you got penalized by Google. Why, don't you view your site often?
Nikolas
Sat 21 April 2007, 05:54 pm GMT +0200
Those are mostly javascript problems that happened to sites such as myspace, I didn't know that people try to hit regular sites this way too
Graham Slam
Sat 21 April 2007, 06:21 pm GMT +0200
The other thing that this code did was to target machines running anything less than XP and below IE 5.5 so perhaps I should get on my Windows 95/98 machine every once in a while to check. If you think about it, a computer novice running AOL that hasn't updated Windows or AOL in years, could have gotten a piece of this code.... even our 2nd and 3rd world countries who are now just touching a computer for the very first time.... Anyway, doing my best with this, watching my site more closely, reading more, being a part of this forum has helped a lot. Nice to hear what others do and go through. Take care. - Graham
vbignacio
Sun 22 April 2007, 04:38 am GMT +0200
Those are mostly javascript problems that happened to sites such as myspace, I didn't know that people try to hit regular sites this way too
how could they inject javascript to Graham Slam's homepage?
olaf
Sun 22 April 2007, 09:03 am GMT +0200
how could they inject javascript to Graham Slam's homepage?
sounds like he used some nasty 3rd party iframe on his page
Nikolas
Sun 22 April 2007, 12:30 pm GMT +0200
The new hackers use a "javascript injection" way to run code in your site.
For example there is a url like :
example.com/?a=123
In your code you are using this $a variable in a javascript call. In that case with a little work the hacker can make a request (eg. an AJAX request) that changes the password.
Think what will happen if paypal has a vulnerability like that, and the hacker sends 1 million emails from "paypal" with this url (which will not look fishy as the domain will be paypal.com)....
olaf
Sun 22 April 2007, 12:34 pm GMT +0200
The new hackers use a "javascript injection" way to run code in your site.
For example there is a url like :
example.com/?a=123
In your code you are using this $a variable in a javascript call. In that case with a little work the hacker can make a request (eg. an AJAX request) that changes the password.
Think what will happen if paypal has a vulnerability like that, and the hacker sends 1 million emails from "paypal" with this url (which will not look fishy as the domain will be paypal.com)....
will say we need to validate client side variables too, or better secure target server side scripts...
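The pattern from the two posts above (a URL parameter such as `a` from example.com/?a=123 placed into a JavaScript call, and the server-side validation suggested in reply), shown next to an encoded and validated form. This is an added example, not part of the original thread; the function names, the `track` call in the generated page and the sample inputs are constructed for illustration.

```javascript
// Added example, not code from the thread. The parameter name `a` follows the
// example.com/?a=123 URL in the post; all function names are hypothetical.

// Pattern from the post: the raw parameter is pasted into an inline script.
function renderUnsafe(a) {
  return '<script>var a = "' + a + '"; track(a);</script>';
}

// Serialise any value as a JavaScript string literal that is also safe inside
// an HTML <script> element: JSON.stringify escapes quotes and backslashes, and
// the replace() removes the characters that could end the script block or the
// line (<, >, &, U+2028, U+2029).
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, function (ch) {
    return '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0');
  });
}

// Same page, but the parameter can only ever arrive as data, never as code.
function renderEncoded(a) {
  return '<script>var a = ' + jsLiteral(a) + '; track(a);</script>';
}

// Server-side allow-list validation for a parameter that should be a number,
// as in ?a=123. Anything else is rejected before it reaches a template.
function parseNumericParam(raw) {
  return /^[0-9]{1,9}$/.test(String(raw)) ? Number(raw) : null;
}

// Constructed sample inputs (not taken from any real incident).
const samples = ['123', 'x";document.title="changed";//', '</script><p>'];
for (const s of samples) {
  console.log('input    :', s);
  console.log('unsafe   :', renderUnsafe(s));
  console.log('encoded  :', renderEncoded(s));
  console.log('validated:', parseNumericParam(s));
}
```

Validation is the stronger control when the expected format is known, as with a numeric id; the encoder covers parameters that must accept free text.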
Nikolas
Sun 22 April 2007, 12:40 pm GMT +0200
Yes, but this kind of hacking only happens to sites with lots of users, etc.
As far as I know that happened only to myspace (with user uploaded flash movies) and to bank web sites.
Graham Slam
Sun 22 April 2007, 03:59 pm GMT +0200
That's funny you say that because my index page has a cute little flash intro movie that I wrote and then you can either enter the site or it redirects to our menu.
Nikolas
Sun 22 April 2007, 04:03 pm GMT +0200
But in order for this to happen the hacker should somehow upload this flash to your website ;)
vbignacio
Mon 23 April 2007, 04:33 pm GMT +0200
is there a means to upload it in your site Graham Slam?