You may notice that some previously accessible sections of the site are now temporarily “down”. I noticed some oddities over the Christmas holiday weekend, and I discovered that somehow some Javascript had been injected into all of my .php and .html files, but only if they contained the text </body>. If the closed body tag was present, the script was inserted.
Since I had been looking at using several open-source software packages for the various sections of my site, I’m not entirely sure where the vulnerability is/was. Don’t be surprised if things appear a little funky, though, as I review the logs and work with my hosting provider to determine where the problem was and plug the hole.
This entry was posted on Monday, December 26th, 2005 and is filed under CB.com. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.