Sparrow-Framework.org hacked [solved]Daniel Sperl on August 25, 2011
some of you might have had an unpleasant surprise on their last visit of the Sparrow-Framework pages. They were welcomed not with a cute, innocent, little bird - but with this serious looking security guy:
You can imagine how thrilled I was at his appearance!
Well, the fact is: he was right. Some bad, unfriendly criminal (reportedly he was unshaved and rather fat - not a pretty view!) used a vulnerability in one of our scripts to insert some bad code into our web page.
Being a very cautious person, I’m always keeping the server software up-to-date, and the bad script was already fixed a few days ago. However, it seems that I was a little too late - the intruder had already exploited the vulnerability. However, we found the change he made and removed that code. It will take a while, though, until our domain is removed from Google’s blacklist.
Now, the important part: was this dangerous for our visitors? Fear not, I haven’t heard from any actual harm being done. Most malware does not work on up-to-date browsers and operating systems anyway (and are targeting Windows, while most of you will be running OS X).
So, all I can do now is apologize for the inconveniences this might have caused. We’ll do our best to avoid attacks like that in the future - but as we just learned, there’s no guarantee for anything; not even for our small chicken. Ehm. Sparrow. ;-)
EDIT (2011-08-26): Heureka, Google removed us from the blacklist! The warning page has gone.