IFrame Attack

[Laurence]

The Iframe code with domain suffixes like .RU, .CN, .DE, etc. can destroy your whole site. After infecting some pages of your site with this code, it redirects to domain in the code affected by malwares potential of stealing your valuable data and FTP details from your system.

You can purge this code from all pages of you site. The below given script removes the code which may be in a form of line and will scan all the files under /home folder. It is strongly recommended to backup your site prior the given script utilization.

find /home \( -name "*.php" -o -name "*.html" -o -iname "*.htm" \) -exec grep -l "a5g.ru" {} \; -exec sed -i "/"a5g.ru"/d" {} \;

After cleaning up infected pages don't forget to scan your system with updated antivirus and change your FTP and server Password. Furthermore, make sure that you have not saved FTP login information to FTP client installed on your system.

If you have Wordpress, then can replace the infected code by below given code or just take a backup of the database, re-install Wordpress and once finished with fresh installation you can again restore database to make your site work as it was primarily.

<?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/

/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require('./wp-blog-header.php');
?>