<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http://purl.org/dc/elements/1.1/" version="XHTML+RDFa 1.0" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="verify-v1" content="fzFgq5wVfygUVAohjoZoq6Z7qQbxtRbFjCBEQQ/iRtI=" /> <title>while(false){.net}: </title> <meta name="description" property="dc:description" content="The web home and blog of Steven Anderson, web developer and standard nerd." /> <meta name="keywords" content="Steven,Anderson,web,developer,python,cakephp,physics" /> <meta property="dc:language" content="en"/> <meta property="dc:title" content="while(false){.net}"/> <link rel="dc:RightsHolder" resource="/steve/"/> <meta property="dc:creator" content="Steven Anderson"/> <link rel="dc:rights" resource="http://creativecommons.org/licenses/by/3.0/"/> <link rel="alternate" type="application/atom+xml" title="while(false){.net} feed" href="/feed.xml" /> <link rel="foaf:maker" href="/steve/"/> <!-- CSS stuff --> <link href='http://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet' type='text/css'> <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="/css/blueprint/screen.css" type="text/css" media="screen, projection" /> <link rel="stylesheet" href="/css/blueprint/print.css" type="text/css" media="print" /> <!--[if IE]><link rel="stylesheet" href="/css/blueprint/lib/ie.css" type="text/css" media="screen, projection" /><![endif]--> <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen, projection" /> <link rel="stylesheet" href="/css/comments.css" type="text/css" media="screen, projection" /> <link rel="stylesheet" href="/css/pygments.css" type="text/css" /> <script type="text/javascript" 
src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <script type="text/javascript" src="/js/jquery.jslatex.js"></script> <script type="text/javascript" src="/js/site.js"></script> </head> <body> <!-- Head begins --> <div id="head"> <div class="inner-body"> <div id="login-controls"></div> <div> <h1 id="site-title"><a href="/">while(false){.net}</a></h1> <div id="site-description">rantings with various degrees of mindfulness</div> </div> <div id="static-pages-links"> <a href="/">blog</a> <a href="/steve/">about</a> <a href="/cats/">cats</a> </div> </div> </div> <div class="inner-body"> <div id="content"> <div class="inbox"> <h1>Archive of posts from 03 January 2012</h1> <div class="post" about="/2012/01/03/timthumb-hack-check-script"> <h2> <a content="TimThumb Hack Check Script" property="dc:title" href="/2012/01/03/timthumb-hack-check-script">TimThumb Hack Check Script</a> </h2> <div class="metadata"> <span content="2012-01-03" property="dc:created"> <a class="archive" href="/2012/">2012</a>-<a class="archive" href="/2012/01">01</a>-<a class="archive" href="/2012/01/03/">03</a> </span> </div> <div class="text-short"> <span class="dc:description"> I was recently a victim of the <a href="http://duckduckgo.com/?q=timthumb+vulnerability">timthumb vulnerability</a>. At first I noticed some rogue PHP in all my index.php files, which I cleaned up. But it turned out they had already got in enough to re-hack in no time at all. This time it was my JavaScript files which all had some obfuscated code in them, causing every page load to make a request to some random site. 
</span> </div> <div class="read-more"> <a href="/2012/01/03/timthumb-hack-check-script">continue reading</a> </div> </div> </div> </div> </div> <!-- Footer begins --> <div id="footer"> <div class="inner-body"> <div> <div class="copyrights"> All content licensed under <a rel="license" href="http://creativecommons.org/licenses/by/3.0/">Creative Commons 3.0 Attribution</a> (unless otherwise stated). <br/>Please reference <strong>Steven Anderson</strong> if you re-use any content.<br/> </div> <div><a href="http://www.w3.org/RDF/Validator/ARPServlet?URI=http%3A%2F%2Fwww.w3.org%2F2007%2F08%2FpyRdfa%2Fextract%3Furi%3Dhttp://www.whilefalse.net%26format%3Dpretty-xml%26warnings%3Dfalse%26parser%3Dlax%26space-preserve%3Dtrue%26submit%3DGo%21%26text%3D&PARSE=Parse+URI%3A+&TRIPLES_AND_GRAPH=PRINT_BOTH&FORMAT=PNG_EMBED">View RDF Graph...</a></div> <div><a href="http://www.openrightsgroup.org/support-org" title="Support ORG"><img src="http://www.openrightsgroup.org/badges/org_protect_150.gif" alt="Support the Open Rights Group" /></a></div> </div> <div class="right"> <!-- Google analitics counter --> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-3568549-8"); pageTracker._trackPageview(); } catch(err) {}</script> </div> <div class="clear"></div> </div> </div> </body> </html>