Every now and again we get tips about local websites that have been hacked, defaced or compromised in one way or another. In the past few days there was an increase in such tips, as quite a number of websites, most of them belonging to very well-known organisations, were compromised. As in the many previous cases we’ve seen, it doesn’t look like these hackers maliciously targeted these companies; these look like vulnerabilities that random script kiddies came across.
The recent wave of compromises looks to have targeted one particular vulnerability on Joomla-powered websites. The hackers essentially uploaded malicious files into some directories on the websites. The hack itself (see example above in the case of the University of Zimbabwe) is not visible to visitors to the site, but it demonstrates how malicious content that could potentially hurt visitors can be added to a site without the owner knowing. We’re guessing a fix for that vulnerability was released but these websites just didn’t get patched.
Here’s a list of some of the websites we got to know of that got compromised. The links are to the screenshots we captured, so don’t be afraid to click through.
- University of Zimbabwe
- City of Harare
- Health Professions Authority
- Media Alliance of Zimbabwe
- Zimbabwe Democracy Institute
- National Biotechnology Authority
- Masvingo City (hack still active, avoid going to actual site)
- Amnesty International Zimbabwe
- Kantor Immerman
- Willowvale Mazda Motor Industries
- Medical and Dental Practitioners Council of Zimbabwe
Seeing that most of these websites use the Joomla CMS, do you think there’s anything inherently insecure about Joomla, or is this just indicative of the platform many local web developers use, so that naturally more Joomla sites than sites on other CMSs get hit if left unpatched?