Last week's Major Iframe exploit attacks

Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Which reminds me. I saw an ad on the TV that O2 are allowing you to browse Bebo for free as part of some new package.

    I have never been to Bebo, but I was wondering could you stick an iFrame on the page, and a small script which would allow you to load the rest of the web in the iframe and view it through Bebo?

    Have been meaning to try it.


  • Closed Accounts Posts: 26 Bob.


    Iframe DDoS has been around for a long time, but it's not really a good way of attempting to attack a website, nor is it actually an exploit as you have said in the title.

    An iframe attack is just opening a file (usually an image) in a site on your browser. You can download the image multiple times to put pressure on the server, although the server can handle a lot of bandwidth, so you're not affecting it much....

    This is where hacking into other websites and putting iframes on them comes in...

    You can have the iframe invisible, and just say 1000 people visited the site a day, that's 1000 people putting pressure on the target server...

    @syklops

    Nope, Bebo has disabled JavaScript and HTML, I tried it before. Only some HTML tags work, but that's only for bold text, italics, etc. And even if you could open an iframe in it, O2 would treat it as if you're viewing another webpage, cos Bebo isn't loading the data in the iframe, you are.


  • Registered Users, Registered Users 2 Posts: 4,218 ✭✭✭_CreeD_


    It's not DDoS, it's using invisible iframes to inject code into the clients via the browser, whether directly or more commonly by using it to redirect them transparently to malicious code on another server while they are visiting a normally safe one that has been compromised. So again not DDoS but direct attack and exploitation of host vulnerabilities through iframes. Also this case was interesting in that the attackers essentially poisoned some legitimate sites' search caches so the security folks at the sites themselves would not notice, as their own pages were not compromised.
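
A check for the invisible iframes described in the post above, as an added example that is not part of the original thread: it flags iframes that are hidden from the visitor and load from a different host than the page. The function names, the sample page and its hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline style patterns that make a frame invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
TINY = re.compile(r"[01](?:px)?")  # width/height attribute of 0 or 1 pixel

class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = [f"{d}={a[d]}" for d in ("width", "height")
                   if TINY.fullmatch(a.get(d, "").strip())]
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if "hidden" in a:
            reasons.append("hidden attribute")
        # Relative URLs have no hostname and count as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if reasons and host and host != self.page_host:
            self.findings.append((a["src"], reasons))

def scan(html, page_host):
    """Return hidden, off-site iframes found in one HTML response."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; every host below is a placeholder.
SAMPLE = """<html><body><h1>Shop</h1>
<iframe src="/widgets/cart.html" width="300" height="200"></iframe>
<iframe src="https://maps.example.net/embed" width="600" height="400"></iframe>
<iframe src="http://redirector.invalid/in.php" width="0" height="0"></iframe>
<iframe src="//cdn.invalid/x" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in scan(SAMPLE, "shop.example"):
        print(src, why)
```

Run it over the HTML as served to visitors, including generated pages such as search results, since the post notes the sites' own pages were not the ones modified.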

