Has Your Website Been Hit by the iFrame Hackers?

The Problem:

Recently, one of our (WordPress) websites was compromised by an unknown assailant. In our office, we refer to these guys as “Hacker-Jacks”. Hacker-Jacks are defined as: an individual or group of individuals that have an excess amount of time on their hands and will stop at nothing to destroy the hard work you’ve put into your website. (i.e. HACKERS)

During a typical day at a marketing firm, our development team was performing routine maintenance on one of our websites and noticed a grayish/white bar that went across the screen at the bottom of the home page (just beneath the footer). After further research, this “Mystery” bar was found to be global throughout the entire site. In this bar (on the left hand side) were 3 microscopic characters that appeared to be the letter “F”. Out team went ahead and viewed the source code of the page to identify where this line could be coming from. They found nothing in the code! NOT GOOD!!! This was our first indication that we had a problem.

Over in our SEO Services experts, our team noticed that this same site was just cached by Google about the same time this “Mystery” bar was detected. Lucky us right! WRONG! Now, in the search results for our site it shows a message under our description tag that reads:

“Warning: Visiting this site may harm your computer”

counter-wordpress.com/frame.php (

Our team immediately went into DEFENSE Mode! We had no idea who, what, why, when and where this occurred. What we did know, was that our website was in perfect condition throughout the workday and in good standings with Google up until around 4:00pm (EST) that afternoon. We also knew that Google last indexed our site just a week prior. Something happened, and it happened recently!

Right away we called a meeting of all IT departments. During this meeting, we discussed each and every detail of the work performed on the site from the past week. Perhaps it was a newly installed plugin, we thought. Maybe it was caused by a new update that WordPress rolled out? Being that this was isolated to ONE site, we knew it was not a HOST Server attack. It could be any of these if not a combination.

In situations like this, we turn to a (very helpful) website that provides a tool to identify if a site has been infected with malware or has been blacklisted. Site Link Scanner[dot]com.

About 10 seconds after entering your URL, we received the answers we were seeking! We were able to identify “What” and “Where” the issue was with the click of a button. Then we knew exactly how we were going to fix the problem.

Somehow, a Hacker-Jack was able to modify a JavaScript file within our site and became able to inject malicious malware. But rest assured, there are ways to add layers of protection! Follow the steps below to protect your site…

The Solution:

1. Make sure that the Database and Tables of your WordPress site are backed-up daily, weekly, or even monthly. Daily back-ups are preferred so that you do not lose too much data in the event of a catastrophe (i.e. Blog Comments, etc.).

**Back-ups can be performed on the server level or directly onto your local machine via FTP or SFTP.

2. Make sure that your HTML & Javascript files are also backed-up daily, weekly, or even monthly. Again, “daily” is preferred.

3. Make sure your website is set-up in Google Webmaster Tools. If your site is not already set up here, please click the following link to set up your FREE Webmaster account.

4. Identify the INFECTED file and its location using:Sucuri

5. Log into your site via FTP or SFTP and replace the infected file with your stored BACK-UP version.

6. Modify the permissions of your websites “Files” & “Directories” based on the following link: http://codex.wordpress.org/Changing_File_Permissions

Congratulations! You have now completed the first part. The next part only applies in the event that Google indexed the pages of your website after the malware was uploaded.

Once you’ve secured your site, you can request that the warning be removed by visiting: Google Webmasters

Here you will be able to request a review of your website and explain to the Google Gods what happened and the steps you took to correct the issue. Typically, if Google indexes your site after you have been hacked, they will send you an email notifying you of the situation and provide you with details on requesting a review. If your site is no longer harmful to users, Google will remove the warning and you will be removed as a “Google Blacklisted” site!

SEO Services experts.

You May Also Like