Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Last weeks Major Iframe exploit attacks

Comments

  • #2
    syklops
    Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Which reminds me. I saw an add on the tv that O2 are allowing you to browse bebo for free as part of some new package.

    I have never been to bebo, but I was wondering could you stick an iFrame on the page, and a small script which would allow you to load the rest of the web in the iframe and view it through bebo?

    Have been meaning to try it.


  • #3
    Bob.
    Closed Accounts Posts: 26 Bob.


    iframe ddos has been around for a long time, but its not really a good way of attempting to attack a website, nor is it actually an exploit as you have said so in the title.

    iframe attack is just opening a file (usually an image) in a site on your browser, you can download the image with multiple times to put pressure on the server, although the server can handle a lot of bandwidth, so your not affecting it much....

    this is where hacking into other websites and putting iframes on them comes in...

    you can have the iframe invisibe, and just say 1000 people visited the site a day, thats 1000 people putting pressure on the target server...

    @syklops

    nope bebo has disable javascript and html, i tried it before..only some html tags work, but thats only for bold text, italics ..e.t.c...and even if you could open and iframe in it, o2 would treat it as if your viewing another webpage, cos bebo isnt loading the data in the iframe, you are


  • #4
    _CreeD_
    Registered Users, Registered Users 2 Posts: 4,179 ✭✭✭_CreeD_


    Its not DDOS, it's using invisible Iframes to inject code into the clients via the browser, whether directly or more commonly by using it to redirect them transparently to malicious code on another server while they are visiting a normally safe one that has been compromised. So again not DDOS but direct attack an exploitation of host vulnerabilities through Iframes. Also this case was interesting in the that attackers essentially poisoned some legitimate site's search cache's so the security folks at the sites themselves would not notice as their own pages were not compromised.


Advertisement