This does lead to some interesting observations though:
- The person who did this has no idea about the webpage they were hacking. If it was a targeted hit, (think ZF0), they probably would have done some visible defacing. If it is someone just looking to make money, there's no way they would knowingly tangle with all the heat that is probably going to be coming their way soon.
- Web page security is really hard. Over the last 6 months we've seen a large number of people in the security field have their webpages get hacked. Heck, even the NSA's main webpage was defaced.
- What does this say about the white-hat security community? As a member of that community this drives home the point that humility is important in this line of work.
I expect that the Hackers for Charity webpage will be fixed soon so if anyone is interested in doing some additional analysis, here are two of the spammer links, (they all pretty much are the same). I also have the entire webpage source-code available on request. Note, I changed the http to hxxp, and the www to aaa to avoid further helping the links advance their Google ranking.
- -- Buy Acomplia Online no Prescription
- -- Take Acomplia Cheap
Now back to writing the post I was planning to put up here...