|
|
|
|
|
|
by stordoff
4847 days ago
|
|
|
> Lines 4-8 make the whole stuff only match on people redirected to the hacked site by facebook, twitter and searches. I believe this is to extend the time before the site owner realises that the site has been compromised. They are less likely to visit via Facebook/Twitter/Search engines, so just see the normal site, even if most of their users get the compromised site. |
|
|