AMH news websites NewsDay, Independent and Standard, hacked

L.S.M Kabweza Avatar

Earlier today we got tipped that 3 news websites belonging to one of Zimbabwe’s largest media companies, Alpha Media Holdings, had been hacked. We verified and indeed confirmed that NewsDay, The Zimbabwe Independent, and The Standard had all been hacked by the same hackers.The hackers basically introduced new malicious files onto the websites’ servers in an attempt to divert visitors to a defaced version of the homepage.

Here’s a screenshot of the malicious pages showing in a web browser:

newsday-attack

The particular mission to deface the site largely failed, except ofcourse for any visitors that accessed the malicious file directly. It’s also an issue if the search engines detect the malicious files when they crawl the site as they will then warn users away from it.

All three sites were attacked the same way and indication they had from the same security vulnerability. We contacted Alpha Media Holdings and alerted them to the issue. It’s since been fixed.

As you can see from the screenshot, the attackers are going with the #FreeSyrian hacktivism cause, but we doubt they specially targeted AMH.

14 comments

  1. brainy

    though it was one of the most secure sites in zimbabwe,any how it was on the server site ,this i an sure….

    1. Farai

      What made you think that?

  2. ngth

    so much for AMH insisting on external hosting cos it is better than zim hosting, didn’t help them this time.

  3. Muti

    This is funny.

  4. fungai

    it because these guys wakawomera they should not download ma free components on the internet to build their websites, the free stuff on the net has a lot of trojans and bugs

    1. L.S.M. Kabweza

      You may know better but I don’t think this is about free components. Just a security configuration issue.

      1. Farai

        WordPress is the most hacked when compared to Joomla and Drupal. They had it coming being a small developer team product. Just look at how many patches they have gone through. Joomla has matured from the Mambo days and is much more stable with a big user community contributing to its development, but is it friendly?

        1. Keith

          You’re obviously talking out your rear end. Joomla has literally hundreds of known exploits.

  5. Time

    Ahh I love Joomla so much but its so frustrating when these Zim companies fail to maintain them and then the uneducated come with their hubba bubba of cussing out Joomla! Im no super web developer but I have built a few Joomla sites, installed RS Firewall, did all the required security configurations it suggested and they have never fallen pray to these type of attacks. Sometimes spending just $100 on a security component can go a long long way!

    1. Dev1

      Time it’s not a Joomla website

    2. Farai

      From another forum, and I tend to agree:

      Security

      WordPress is notorious for being the least secure CMS. While this is definitely because it is the most popular CMS, and thus relatively easier to hack, it still cannot be denied that newer security loop-holes are discovered in WP way more often than in either Drupal or Joomla! Furthermore, WP plugins and themes too come with their share of hacks and exploits.

      Drupal, on the other hand, seems to be the most secure CMS of the three, with the least number of hacks and exploits, on an average (it was chosen by The White House for its website, after all).

  6. Farai

    Somebody didn’t patch and lockdown their systems or they use a lousy ftp password. Either way, these hackers just wanted to show something for their cause. Malicious ones would have loaded enough porn, illegal/pirate software and viruses to make the admin cry. Maybe others in the same physical server got hit, who knows?
    By the way, they use WordPress, not Joomla.

  7. Zimbabwe Independent Website Hacked – Techzim

    […] is not the first that the AMH website has been hacked. In 2013 hackers on a Free Syrian Hacktivism campaign gained control of the NewsDay, The Zimbabwe Independent, and The Sta… websites and diverted visitors to a variation of the original […]

  8. Zimbabwe Independent Website Hacked – The Zimbabwe Mail | The Zimbabwe Mail

    […] is not the first that the AMH website has been hacked. In 2013 hackers on a Free Syrian Hacktivism campaign gained control of the NewsDay, The Zimbabwe Independent, and The Sta… websites and diverted visitors to a variation of the original […]

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed