Malicious JavaScript
So. A few months back, a friend of mine stated that he saw ads on my blog. Seeing as though I never try to monetize my sites, I took this as a laughable claim and was similarly unable to find these ads he spoke of. I verified these findings with a few others, and they couldn't find any ads either.
Today, however, when my sister visited my site, a large ad was clearly visible on the right hand side. I immediately started looking for the source of the problem. It was no where to be found in the source of the page. The problem was nested in a piece of JavaScript I use to open outbound links in a new window.
The source had been changed so that, instead of displaying links in new windows, it displayed a large banner ad on the side of the page while placing cookies in the users browser.
I apologize for not picking up on this sooner, and am looking into how it occurred in the first place. This should serve as a lesson in how not to secure a website.
Comments