It is important to distinguish malicious scripts from legitimate developers using the Facebook Graph API or PHP SDK. Legitimate PHP code is used for: Simple example to post to a Facebook fan page via PHP? 19 Oct 2011 —
?>
obfuscate this file path. Instead of logs/facebook_logs.txt , they might use: facebook phishing postphp code
These lines log the victim’s IP address and browser user agent. This serves two purposes for the attacker: It is important to distinguish malicious scripts from