Hackers hit ICT Ministry’s e-Tech Africa website

Posted by

A website belonging to Zimbabwe’s Ministry of ICT has been hacked. The website, on address www.etechafrica.co.zw, is the tech ministry site for the e-Tech Africa expo, the first of which was held last year. The hack is hard to notice as the attackers didn’t deface the site’s own pages, but introduced new ones, such as this one called root. Here’s a screenshot form the page:

etech-africa-hack

The attack was by a group called claiming to be from Indonesia whose objective, according to the page, is to prove that the site is not secure enough. The attack appears to be taking advantage of unrestricted file upload vulnerabilities to introduce the new web pages to the site. At best, the hack just proves the weakness, and at worst new harmful functionality (to both the site and visitors to it) could be introduced through the pages.

The website runs on popular open source content management system, Joomla (no, we’re not implying that Joomla is inherently weak.) It was developed by a government affiliated internet service provider, ZARNet.

advertisement


10 Comments

  1. beatnyama says:

    Joomla itself is secure with the usual vulnerability here and there. What opens sites to hacking are vulnerable plugins and templates. I’ve seen it happen many times before.

    1. Member says:

      probably a matter of unsecure web servers

      1. beatnyama says:

        That also contributes as well. People take web server security for granted

  2. macdchip says:

    If you buy your new top of the range car with all security, you then pack it by the side of the road and leave it unlocked.

    If it get broken into and stuff gets stolen, would yu turn around and claim the car is not good enough?

    The tools to secure joomla are there. Just because people doesnt know how to secure joomla means its not secure.

    1. am not maxsoutter says:

      do have a joomla site that you have secured? send me link,

      1. [email protected] says:

        You have to be silly if you honestly think he would send you that… for a dare.

        If you’re feeling like a hero, you could install core Joomla and hack it yourself, then boast on your prowess and even gain instant recognition with the developers themselves.

  3. yagni says:

    joomla fan bois going on the defensive on their own. kinda funny

  4. purple says:

    You just need to keep your site updated and secured. Overtime its advisable to move to later longterm version. In this case Joomla 2.5 which has better update facilities as compared to Joomla 1.5

  5. MI5 says:

    to avoid this eeriously, there is only one thing I can say about this Joomla software, NEVER use it “drupal is better than joomla”

  6. Sija says:

    There’s no CMS that you can say is better than other because they all serve different purposes. You choose whatever suits you best. Joomla is a good CMS, I’ve used it for years. What’s important is keeping it up to date with the latest versions and implementing the security features. Then again, there’s no 100% security on any website. It’s an ongoing process of keeping it up to date as frequently as you can

Leave a Reply

Your email address will not be published.