Pardon me for visiting the site and making some observations that may or may not concern you. However, if you haven't been working at 2:52am under a rock for the past 4 weeks, you might have noticed that there are some particularly nasty vulnerabilities that make use of javascript, animated cursors and ADS (alternate data streams). See
MS07-017 This vulnerability is being actively exploited and has compromised over 2000 websites already.
Pop-ups, embedded or not, such as the one shown below
not only block the view of the beautifully designed and laid-out site that you are advertising, but could pose significant risk to those that are enticed to explore further.
At 2:52am tonight, maybe your friend could have a peak at his code, and perhaps re-evaluate the following lines:
Code:
<!-- Ad by funpic.de --><noscript><div style="display:none"> </div>
</noscript><script type="text/javascript"
src="hxxp://media.funpic.de/layer.php?bid=20660543"></script>
<!-- End Ad by funpic.de --></body>
</html>
Note the http has been changed to hxxp to stop it from loading here.
I don't know if this page loads anything nefarious, however, I'm not about to click on any portion of it to find out. An "X" for closing the pop-up could just as easily execture code to compromise a system. Is the website looking to make money for "FunPic" or provide A6 info to the community?
I'm not trying to insult you or your friend, or accuse you of evil doing, but the site is useless to anyone that has an inkling about security. I don't really expect you to care, or to change anything on the site, but I will take your advice and shut... Good luck with your endeavours.
Mark
