Why does hidden Iframe inserted by Yii mean ?

Hi all.

I saw that Yii by it self, insert the code bellow into some view scripts.

What does it mean ?

What is the needed (intention) of this Iframe ?

My iGoogle fired a warning for trying to access this site and prevent me from access it. Google told me that the site belongs to China and that their content is extremely dangerous and suspected of distributing viruses.

Can anyone explain me what is happen ?



I’m pretty sure Yii isn’t doing this. It seems some web worm cracked your application and inserted that code (looks like a XSS attack, maybe via a SQL injection)  :o

I think that's not the Yii who is inserting this iframe.

Seems more like a virus.

woa never witnessed one of these before

@Jonah: yet it is a pretty common attack :(

@mnobre: are you using the anti-XSS and anti-SQL-injection features of Yii (for instance, HTMLPurifier and prepared statements)?

(well, prepared statements is not a feature exclusive to Yii)

An virus attack make sense !!!

Recently my Windows (residing in another partition) was attacked by the win32:vitro  virus series. This attack was worse than the sentinels have made in Zion city of Matrix film. In a few hours of use, all my own programs including the windows were destroyed. I Left the windows there and came here for the Ubuntu.

The question that a have asked is about the code (scripts) that I have migrate from windows partition to here.

So I think you should ignore my question.