Louisville Bar Association – Pages partially hijacked

Today, a friend posted a link to an event on Facebook.

Facebook link to event
Facebook link to event

When you click the link, none of the Viagra text appears on the page, but if you take a quick look at the page source code, you find the string of hijacked code, before the html tag, prefixed with:

<!– qweiop21 –>


A quick google search reveals that others have had sites hijacked with a similar moniker.

I began to worry that the entire website may have been compromised, but it appears that only the pages on the unsecured (port 80) were effected. So, if you link to the public facing side of the LBA on facebook, you’re likely to get a refreshing Facebook ad full of viagra and ED treatment options.

I attempted to email the LBA at many of the addresses listed on the site, including info and admin, but got email bouncebacks. I sent an additional message to the Membership Director and I’m still waiting to hear back. I’ll post the update when I receive it.


I received an email from the Membership Director at LBA, who indicated that the Technical Consultant for LBA was working to resolve the issue with the web host.

Leave a Reply

Your email address will not be published. Required fields are marked *