sblakethomas — 2013-04-06T15:09:21-04:00 — #1
I have inherited a site for my father in law's jazz band that has not been updated since 2010. When I was given the account which is in folders/files on a web hosting account site I only see a redirect code in the index.html file. The only reason the site was given to me was that I can write vba code, which I tried to explain was a little different than html. I am sure I can learn it and I know a little VERY little.
Can someone tell me what the code below means? I can't seem to find the code for the home page, which I can find by viewing the code when the site is up, but I can't seem to find it in the file manager.
<html><FRAMESET border='0' ROWS='*,1'><FRAME SRC='http://dsnextgen.com/?a_id=101686&domainname=referer_detect'><FRAME SRC='blank.html'> </FRAMESET> </html>
When I click preview next to this file, the site comes up.
Also, after reading the tickets that have been submitted for the account I found one that stated the account we hold is a domain holding account. What is the difference between a domain holding account and a hosting account and could this be why I am not seeing the actual files I need to manipulate?
Thanks so much for any help. Again I am a newbie at this and the guy who created the site originally worked for a software company, so I have a feeling he may have done something that non of us will be able to figure out.
xhtmlcoder — 2013-04-06T15:18:51-04:00 — #2
It looks like that site has possibly been infected and compromised with drive-by malware!
sblakethomas — 2013-04-06T15:30:28-04:00 — #3
loverly. What should I do? Should I deactivate the site and start over?
xhtmlcoder — 2013-04-07T06:29:42-04:00 — #4
When I saw that code in Post #1 the name URL looked rather suspect. So I "Googled" that domain name. All I could find were dozens of references to it; hosting viruses, malware and shady advertising and suspicious activity. Even on Web of Trust rating: http://www.mywot.com/en/scorecard/dsnextgen.com it looks highly suspect. So obviously I aren't going to visit that site or load the code you posted just to be on the safe-side.
So perhaps, I strongly suggest you might want to post in our SPF Web Security forum if you need advice about seeing if the site has been compromised and what action to take.
Though generically what that markup sample basically does is load a FRAMESET page; split horizontal into two frames, the (bottom frame) loading a 1 pixel in height page called blank.htm and the remainder (top frame) being filled by that possibly malicious site... that could be doing god knows what mischief as it's linking to a script.
A Domain holding account is just an account to manage or hold domain names. A Hosting account is where you host the files on the server.
sblakethomas — 2013-04-07T14:19:26-04:00 — #5