ATTENTENTION Webmasters - possible security vulnerability on school networks

[ZInventor]

This post is mainly intended as a warning, but also to see if anyone else has been affected.

Our school used to run Moodle, a sort of CMS / Online class software, and recently, the school newspaper's website (which i maintain along with our robotics site) got hacked.

curiously though, the result of the hack was the addition of a div marked display:none (thankfully) that contained links to pages on a ton of moodle sites. however, when we investigated a coupple of the sites, they seemed fishy. the pages had been added maliciously to the websites, and contained no relevance to the host.

it see if your website has a similar problem, put some comments like this around your "BODY" tag:

Code:

<!--The ghost div starts IMMEDIATELY after the open body tag.-->
<body><!--end ghost spam div-->

when you render the website in a browser, right click and hit "view source" if your site has been affected, there will be a huge ghost div in between the body tag and the second comment.

try viewing the source of this page (our newspaper site)

so far, we've been lucky and haven't had the div turn visible, but want to spread the word that this is happening to see if anyone knows how to stop it.

we have tried virus-scans, spyware scans... etc... and nothing has turned up. hopefully, not many people have this kind of problem, but if you do, please post here so that we can all check out each others sites. the way i see it, the more people we have looking, the better.

if you have any ideas on how to fix this type of problem, Please post! it would be much appreciated.

-Z