Security firm Sophos warns website operators for a number of sophisticated aanvalsmethodes. With the help of php scripts, sites may gedefaced without the owner’s notice.
A growing number of sites by hackers attacked by code injection attacks, mainly via iframes. Via the iframes are then php scripts are loaded, reports Sophos. By adjustments to the script can be a site for any visitor of the website requests gedefaced, while search engine bots to be excluded.
By excluding the search engines to prevent cracked pages out of the search indexes will be deleted. Moreover, the scripts via a blacklist so that a visitor only once the defacement, which it is somewhat more difficult to identify the problem.
Sophos also notice that the malicious php-scripts are manipulated by website operators and security filters less likely to be detected. Not only is the code several times, encrypted and compressed through php functions such as base64_decode and gzinflate, also, the script through obfuscation even more difficult to detect. According to Sophos, site owners can against this attack partly defended by regular the file size and date of php-scripts on the server to check for possible abnormalities.