Another high profile website hacked, this time it’s Fingaz

Posted by

We have been alerted by readers to the hacking of yet another high profile website in Zimbabwe, that of the Financial Gazette, www.financialgazette.co.zw. Our checks show that the website was hacked on Friday, 4 January 2013, and remains compromised at the time of posting this article.

Loading the Fingaz website right now shows the page in the screenshot below:

Financial Gazette website hacking

Some of you will probably notice that the hack, by a group called HighTech Brazil HackTeam, is similar to the one that hit the ZOL last week. And like the ZOL website defacement, this one also looks like a random attack on known content management vulnerabilities.

Our checks also show that the website is hosted internationally. The Financial Gazette, is one of the most read local weekly newspapers in Zimbabwe. Like other newspapers in the country, the media company’s establishment of online presence has not been smooth. Websites belonging to print media companies in Zimbabwe have been subjected to defacement in such random hacks.

advertisement

Here are some examples in the past 2 years:

Thank you Greg Kawere

11 Comments

  1. Dogstar says:

    My oh my…when are they going to wake and smell the rot in their code?

  2. Haki says:

    Can techzim investigate if these sites where designed by the same person/company ? this is pointing to the designers/developers of the site?

    1. tinm@n says:

      For most, as this one, it is clear as crystal.

  3. tinm@n says:

    Lesson number n+1 from the hacks: Backup daily. File & DB. Roll-back becomes “easy” in the event of such incidents.

    1. allan says:

      rollback to a unpatched, re-hackable site? not too smart!

      1. tinm@n says:

        You have no clue what I’m talking about

  4. kthaker says:

    gives a whole new meaning to the word “hackfest” 😀

  5. ngth says:

    I see a lot of developers on here pointing out flaws etc, but maybe the best plan is to help educate us. Could techzim solicit advise on improving web security from a development and hosting perspective, it could be a really interesting article and help us all learn at the same time.

  6. DotLiquid says:

    “Using known CMS vulnerabilities, they hacked the sites either through direct SQL injections or XSS by crafting code like It wont be hard to hack those sites with out of support Content management System and with exploits script available online.” – http://www.knowledge-republic.com/CRM/2012/12/case-study-on-www-pa-gov-sg-being-hacked-by-hightech-brazil-hackteam/

    1. Shady Echo $:19 says:

      if direct sql injection was used i would shoot the person who did not do sql escaping, seriously!

Leave a Reply

Your email address will not be published.

css.php