Re: Hidden spam links injected into web pages



Terry_P <me@xxxxxxxxxxx> writes:

I have become aware that a hidden list of spam links was inserted at
the end of several of my web pages a few days ago. My web host claims that
my FTP password must have been cracked but I am sceptical of this
explanation. The links pointed to what has now been confirmed as a
compromised computer at uchicago.edu and were then redirected to nudai.com
which has further links to peakpc.com. The links related to phentermine
and other drugs.

A Google search for "how long does phentermine stay in the body" reveals
that a large number of blog sites have phentermine comment spam. However
what I am reporting is HTML pages altered presumably by a script to include
spam links. Is this a new, as yet unreported strategy by spammers?

Please check your web pages for spam link injection. The links are hidden
so you must check the source for alterations.

Web page defacements aren't all that new, but perhaps this is a novel
use for them.

What active scripting are you using on your site (e.g. PHP? What
scripts?)? That's a more likely injection vector than a cracked FTP
password?

--
Todd H.
http://www.toddh.net/
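
One way to run the source check Terry asks for, as an added example that is not part of either poster's message: it flags off-site links that sit inside inline-hidden elements or after the closing `</body>`/`</html>` tag. The hiding techniques checked, the `audit` helper and all hostnames are assumptions; the thread does not say how the links were hidden.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: links are hidden with inline style or the `hidden` attribute.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = set("area base br col embed hr img input link meta source track wbr".split())

class LinkAudit(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = set(own_hosts)
        self.stack = []          # (tag, hides_content) per open element
        self.after_end = False   # True once </body> or </html> was seen
        self.findings = []       # (host, [reasons]) per suspicious link

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDDEN.search(a.get("style") or "")) or "hidden" in a
        if tag == "a":
            host = urlparse(a.get("href") or "").hostname or ""
            if host and host not in self.own_hosts:
                checks = (("hidden", hidden or any(h for _, h in self.stack)),
                          ("after-end", self.after_end))
                reasons = [name for name, hit in checks if hit]
                if reasons:
                    self.findings.append((host, reasons))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        self.after_end = self.after_end or tag in ("body", "html")
        # Pop back to the matching open tag, tolerating unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit(html, own_hosts):
    parser = LinkAudit(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every hostname here is a placeholder.
SAMPLE = """<html><body><p><a href="http://www.example.org/about.html">About</a>
<a href="http://partner.example.net/">Partner</a></p>
<div style="display: none"><a href="http://pills.example.com/a">x</a></div>
</body></html>
<a href="http://pills.example.com/b">y</a>"""
```

Hiding done through CSS classes, external stylesheets or off-screen positioning is not covered by this check, so comparing the served files against a known-good copy remains the more complete test.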