Malicious JavaScript

So. A few months back, a friend of mine stated that he saw ads on my blog. Seeing as though I never try to monetize my sites, I took this as a laughable claim and was similarly unable to find these ads he spoke of. I verified these findings with a few others, and they couldn't find any ads either.

Today, however, when my sister visited my site, a large ad was clearly visible on the right hand side. I immediately started looking for the source of the problem. It was no where to be found in the source of the page. The problem was nested in a piece of JavaScript I use to open outbound links in a new window.

The source had been changed so that, instead of displaying links in new windows, it displayed a large banner ad on the side of the page while placing cookies in the users browser.

I apologize for not picking up on this sooner, and am looking into how it occurred in the first place. This should serve as a lesson in how not to secure a website.

Permanent Link · Published on June 10th, 2009

A bit about me

I'm a freelance web designer from just outside of Chicago, Illinois. I focus on usability and simplicity. I use CSS wherever possible, leave the complex art to others, and write standards-compliant markup.

Beyond that, I study engineering, write reviews for consumer electronics, and like fast cars.

Want to start a conversation? Send me an email.

Latest from Twitter

Recent Posts

For more articles, check out the archive.