Code Injection Help


Recommended Posts

Hi

firstly, please accept my apologies if this has been posted in the wrong sub-forum.

I recently got alerted by Google as to potential malicious content being served from one of my sites.

The page in question is essentially a subdomain for a podcast service.

I have a bespoke PHP script which automatically generates an XML Podcast feed from files on my server. I then use Google Feedburner which references the original XML feed.

Now, my setup is as follows:

  • podcast.<domain>.co.uk (ie index.php) - a PHP script which redirects those requesting it from an Apple device to the Posdcast on the iTunes store. All other requests are redirected to the Google Feedburner served Feed.
  • Google Feedburner feed references the original feed which is at <subdomain.<domain>.co.uk/feeds/
  • iTunes Store podcast listing also links to Google Feedburner feed.

When i got the alert, noticed that the feedburner feed is outputting an iFrame at the start, followed by the Feedburner optimised XML feed. The iFrame URL looks like it changes as when I first looked into it yesterday it pointed to one URL, and later to another one.

What is odd however, is that accessing my original Podcast feed (at podcast.<domain>.co.uk/feeds), this injected code is not there! Only the Feedburner feed is affected.

I've had a look at the my code (which I havn;t updated in months!) and there is NO code which outputs anything above the <rss> tag, so I doubt this is an issue with my code being infected, and even if it was, I'd have expected accessing my feed directly (ie not via Feedburner) to include the same <iframe> code, which it doesn't.

Is it therefore safe to assume that Feedburner is the cause?

I've taken my entire podcast.<domain>.co.uk domain down to try and prevent any spreading, while I resolve this.

Could anyone advise

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.