Hey Hearthpwn folks,
Just an early heads up that I think your website files might have been hacked overnight. When browsing to the front page this morning I was presented with a pop-up informing me I had won a free iPhone and to click OK to go register for it. The browser URL had also changed with a randomly generated URL after the Hearthpwn.com web address. It’s pretty typical of a base64 hack going round at the minute which inserts PHP into the header of your index files to include an encrypted code from an unsecured file in your site. It checks for cookies too, so it only shows the first time a user browses to your site (in my case I was browsing using Safari for the first time on a new iPad, hence me not having the cookie already). For regular users it probably won’t show, even though the code is still triggered.
It’s not a security issue for users of the site, but if left unchecked, you’ll end up hit by Google for spam-generated URLs in the search index.
Maybe pass this to your web design folks so they can check on it?
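
A site owner could check for the pattern described in this post (PHP at the top of index files that pulls in code from another file, gated on a cookie) with a scan like the one below. This is an added example, not part of the original post; the regex heuristics, the 2048-byte header window and the sample file names are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics below are assumptions for illustration, not signatures from the post.
HEADER_BYTES = 2048  # the injected code sits at the top of index files
INCLUDE_RE = re.compile(r"""(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""", re.I)
DECODE_RE = re.compile(r"\b(?:eval|base64_decode|gzinflate)\s*\(", re.I)
COOKIE_RE = re.compile(r"\$_COOKIE\b")
PHP_EXTS = {".php", ".inc", ".phtml"}


def inspect_header(text):
    """Return the reasons a file header looks injected (empty list if clean)."""
    head = text[:HEADER_BYTES]
    reasons = []
    for path in INCLUDE_RE.findall(head):
        if Path(path).suffix.lower() not in PHP_EXTS:
            reasons.append(f"includes non-PHP file: {path}")
    if DECODE_RE.search(head):
        reasons.append("decoder/eval call in header")
    if reasons and COOKIE_RE.search(head):
        reasons.append("gated on a cookie check")
    return reasons


def scan_site(root):
    """Map each suspicious index file under root to its findings."""
    findings = {}
    for f in sorted(Path(root).rglob("index.*")):
        if f.is_file() and f.suffix.lower() in PHP_EXTS:
            reasons = inspect_header(f.read_text(errors="replace"))
            if reasons:
                findings[f.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    """Build a constructed sample site (one clean, one injected index) and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "blog").mkdir()
    (root / "index.php").write_text("<?php require_once 'lib/bootstrap.php'; ?>\n<html>\n")
    injected = "<?php if (!isset($_COOKIE['seen'])) { @include('assets/cache.ico'); } ?>\n"
    (root / "blog" / "index.php").write_text(injected + "<?php require 'theme.php'; ?>\n")
    return scan_site(root)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

Any hit should be compared against a known-good copy of the file (version control or a clean backup), since legitimate code can also trip these heuristics.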