dave_m

I came across some Perl used for defacing websites. Not the standard stuff that adds a picture or scriptkiddie text, but adds an iframe to a website that was used (probably unknowingly) with the Eleonore Exploit Kit.

The Perl just globs standard html files (e.g., html, asp, php, etc), opens them, and appends the iframe to it (and remembers to CLOSE the file handle, too). That's it. Pretty manual. Not as automated as I thought it would be. I expected that it would at least change directories to the standard html directories or delete logs or something, but no... and it's clearly not us…

This statement is on my Ohloh page for ClamTk:

"Across all Perl projects on Ohloh, 28% of all source code lines are comments. For ClamTk, this figure is only 14%.

This lack of comments puts ClamTk among the lowest one-third of all Perl projects on Ohloh."

Now when I first saw that, the figure was probably 8%. Ohloh has since shamed me into obsessively adding more. I'm somewhat embarrased about the low number of comments - especially after developing this for 6+ years - but the 28% figure stuns me. In a g…