<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
    "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:foaf="http://xmlns.com/foaf/0.1/"
      xmlns:dc="http://purl.org/dc/elements/1.1/" 
      version="XHTML+RDFa 1.0" 
      xml:lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="verify-v1" content="fzFgq5wVfygUVAohjoZoq6Z7qQbxtRbFjCBEQQ/iRtI=" />
    <title>while(false){.net}: </title>
    <meta name="description" property="dc:description" content="The web home and blog of Steven Anderson, web developer and standard nerd." />
    <meta name="keywords" content="Steven,Anderson,web,developer,python,cakephp,physics" />
    <meta property="dc:language" content="en"/>
    <meta property="dc:title" content="while(false){.net}"/>
    <link rel="dc:RightsHolder" resource="/steve/"/>
    <meta property="dc:creator" content="Steven Anderson"/>
    <link rel="dc:rights" resource="http://creativecommons.org/licenses/by/3.0/"/>
    <link rel="alternate" type="application/atom+xml" title="while(false){.net} feed" href="/feed.xml" />
    <link rel="foaf:maker" href="/steve/"/>

    <!-- CSS stuff -->
    <link href='http://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet' type='text/css'>
    <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
    <link rel="stylesheet" href="/css/blueprint/screen.css" type="text/css" media="screen, projection" />
        <link rel="stylesheet" href="/css/blueprint/print.css" type="text/css" media="print" />
        <!--[if IE]><link rel="stylesheet" href="/css/blueprint/lib/ie.css" type="text/css" media="screen, projection" /><![endif]-->
    <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen, projection" />
    <link rel="stylesheet" href="/css/comments.css" type="text/css" media="screen, projection" />
    <link rel="stylesheet" href="/css/pygments.css" type="text/css" />

    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
    <script type="text/javascript" src="/js/jquery.jslatex.js"></script>
    <script type="text/javascript" src="/js/site.js"></script>
  </head>
  <body>

    <!-- Head begins -->
    <div id="head">
      <div class="inner-body">
        <div id="login-controls"></div>
        <div>
  <h1 id="site-title"><a href="/">while(false){.net}</a></h1>
  <div id="site-description">rantings with various degrees of mindfulness</div>
</div>
<div id="static-pages-links">
  
    
    
    <a href="/">blog</a>
    
    
  
    
    
    <a href="/steve/">about</a>
    
    
  
    
    
    <a href="/cats/">cats</a>
    
    
  
</div>

      </div>
    </div>

    <div class="inner-body">
      <div id="content">
        <div class="inbox">
          <h1>Archive of posts from 03 January 2012</h1>

<div class="post" about="/2012/01/03/timthumb-hack-check-script">
  <h2>
    <a content="TimThumb Hack Check Script" property="dc:title" href="/2012/01/03/timthumb-hack-check-script">TimThumb Hack Check Script</a>
  </h2>
  <div class="metadata">
  <span content="2012-01-03" property="dc:created">
    <a class="archive" href="/2012/">2012</a>-<a class="archive" href="/2012/01">01</a>-<a class="archive" href="/2012/01/03/">03</a>
  </span>
</div>

  <div class="text-short">
    <span class="dc:description">
      I was recently a victim of the <a href="http://duckduckgo.com/?q=timthumb+vulnerability">timthumb vulnerability</a>. At first I noticed some rogue PHP in all my index.php files, which I cleaned up. But it turned out they had already got in enough to re-hack in no time at all. This time it was my JavaScript files which all had some obfuscated code in them, causing every page load to make a request to some random site.


    </span>
  </div>
  <div class="read-more">
    <a href="/2012/01/03/timthumb-hack-check-script">continue reading</a>
  </div>
</div>



        </div>
      </div>
    </div>

    <!-- Footer begins -->
    <div id="footer">
      <div class="inner-body">
        <div>
  <div class="copyrights">
    All content licensed under <a rel="license" href="http://creativecommons.org/licenses/by/3.0/">Creative Commons 3.0 Attribution</a> (unless otherwise stated). 
    <br/>Please reference <strong>Steven Anderson</strong> if you 
    re-use any content.<br/>
  </div>
</div>
<div class="right">
</div>
<div class="clear"></div>

      </div>
    </div>
  </body>
</html>