Malicious JavaScript

An article posted on Jun 10, 2009.

So. A few months back, a friend of mine stated that he saw ads on my blog. Seeing as though I never try to monetize my sites, I took this as a laughable claim and was similarly unable to find these ads he spoke of. I verified these findings with a few others, and they couldn't find any ads either.

Today, however, when my sister visited my site, a large ad was clearly visible on the right hand side. I immediately started looking for the source of the problem. It was no where to be found in the source of the page. The problem was nested in a piece of JavaScript I use to open outbound links in a new window.

The source had been changed so that, instead of displaying links in new windows, it displayed a large banner ad on the side of the page while placing cookies in the users browser.

I apologize for not picking up on this sooner, and am looking into how it occurred in the first place. This should serve as a lesson in how not to secure a website.

1 Comment

The_PHP_Jedi
So I wasn't hallucinating? Yay! The second time I visited your blog (after reporting the ad to you), the ad didn't show up, so I dismissed it just as you did. I suspected injected Javascript, but was unable to identify it. Was it obfuscated?

Leave a Response

Search

Go

Latest Tweet
Koenigsegg Agera? I'll take one, without the center stripe preferably. http://tinyurl.com/ybzch35 #

Recommended

Contact Me

View all my articles.