
Lax security leading to rampant website defacement


Zimbabwean websites (.co.zw TLD) are easy pickings for hacker groups making names for themselves – that is the impression I get looking at the sheer number of defaced websites. The state of local website security is appalling. After my research, the most worrying thing I found is how long some websites stay defaced, it’s almost as if no one is looking after them.

Getting your website defaced says one thing: you were vulnerable. Staying defaced says something else: you lack the ability to detect that your site was compromised (bad) or you lack the will to fix it (worse). It also confirms that your site is still vulnerable, leaving the door wide open for further hacks. Some hackers choose to patch the vulnerability they used to break in, to prevent others from riding their coat-tails, and leave a back-door for themselves only, but this ‘altruism’ is rare.
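The detection gap described above is the easy half to close: a small script that fetches your own home page on a schedule and compares it with a known-good baseline will notice a defacement (or a host's "site suspended" page) within minutes instead of years. The monitor below is an added example, not code from the original article; the page HTML, the nonce field names it strips and the defacement phrases it looks for are all constructed assumptions that you would replace with what your own site actually serves.

```python
"""Defacement monitor: compare a fetched page against a stored known-good baseline."""
import hashlib
import re
import urllib.request
from dataclasses import dataclass


@dataclass
class Baseline:
    title: str    # <title> text of the legitimate page
    canary: str   # a phrase that must always be present (e.g. your own footer line)
    sha256: str   # fingerprint of the normalised HTML


# Phrases typical of defacement pages; illustrative only, extend from your own observations.
DEFACEMENT_MARKERS = ("hacked by", "owned by", "pwned by")


def normalise(html: str) -> str:
    """Collapse whitespace and strip per-request nonces so legitimate noise does not
    change the fingerprint. The nonce field names here are assumptions."""
    html = re.sub(r'(?:name|id)="(?:_wpnonce|csrf_token)"\s+value="[^"]*"', "", html)
    return re.sub(r"\s+", " ", html).strip()


def fingerprint(html: str) -> str:
    return hashlib.sha256(normalise(html).encode("utf-8")).hexdigest()


def extract_title(html: str) -> str:
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.IGNORECASE | re.DOTALL)
    return re.sub(r"\s+", " ", m.group(1)).strip() if m else ""


def make_baseline(html: str, canary: str) -> Baseline:
    """Record the known-good state once, after you have checked the page by eye."""
    return Baseline(title=extract_title(html), canary=canary, sha256=fingerprint(html))


def check_page(html: str, baseline: Baseline) -> list[str]:
    """Return a list of findings; an empty list means the page matches the baseline."""
    findings = []
    title = extract_title(html)
    if title != baseline.title:
        findings.append(f"title changed to {title!r}")
    if baseline.canary.lower() not in html.lower():
        # Also fires when the host replaces the site with a 'suspended' notice.
        findings.append("canary phrase missing")
    if fingerprint(html) != baseline.sha256:
        findings.append("content fingerprint changed")
    lowered = html.lower()
    findings += [f"defacement marker present: {m!r}" for m in DEFACEMENT_MARKERS if m in lowered]
    return findings


def fetch(url: str, timeout: float = 10.0) -> str:
    """Fetch the live page (not used by the offline demo below)."""
    req = urllib.request.Request(url, headers={"User-Agent": "site-monitor/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample pages standing in for a real fetch.
GOOD_HTML = """<html><head><title>Example Clinic - Home</title></head>
<body><h1>Welcome</h1>
<input name="_wpnonce" value="a1b2c3"><p>Copyright Example Clinic</p></body></html>"""
GOOD_HTML_NEW_NONCE = GOOD_HTML.replace("a1b2c3", "d4e5f6")   # same page, fresh nonce
DEFACED_HTML = """<html><head><title>Hacked By ExampleCrew</title></head>
<body><h1>Owned by ExampleCrew</h1></body></html>"""

if __name__ == "__main__":
    base = make_baseline(GOOD_HTML, canary="Copyright Example Clinic")
    for name, page in (("good", GOOD_HTML_NEW_NONCE), ("defaced", DEFACED_HTML)):
        print(name, check_page(page, base) or "OK")
```

Run it from cron every few minutes against the site's own URL and send any non-empty findings list to someone who will act on it; the canary check is the one that matters most, because it fires on any wholesale replacement of the page, whatever the attacker writes on it.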

Targeted acts of ‘hacktivism’ aside, defacements are usually automated, drive-by affairs (scan or search for a large number of domains, take note of the vulnerable ones and attack). You can keep your site safe simply by not being on the list of vulnerable sites. As the saying goes: “You don’t have to run faster than the lion to get away. You just have to run faster than the guy next to you”.


The table below contains .co.zw websites that were defaced in the recent past (and most still are). These are the ones I could find; it is not an exhaustive list. The ‘defacement date’ is the earliest date I could find on which the defacement was active, so the actual start could be earlier. This date could not be established for a fraction of the websites (shown as ‘-’). I am not linking to the websites for your security, and I strongly discourage you from visiting the defaced websites: visiting a compromised website is an easy way to get viruses.

| Domain | Defacement date | Fixed? |
|---|---|---|
| albmed | 2015-03 | no |
| bilcro | - | |
| bmx | - | no |
| chs | 2014-04 | no |
| colourdemo.sigcomx | 2015-05 | no |
| cyberlifehealthsystems | 2013-04 | no |
| directproducts | - | no |
| dominionministries | 2015-05 | no |
| eastleapaints | - | no |
| exclusivebrands | - | no |
| hararenews | 2015-03 | no |
| hardrock | 2014-10 | no |
| hideaway | - | Yes: site suspended |
| ict4d | 2015-03 | no |
| jbk | - | no |
| maco | 2015-06 | yes |
| mitc | - | no |
| mvuramanzi | - | no |
| nano-world* | - | no |
| photomatrix | - | yes |
| slgmedicals | - | no |
| technews | 2015-03 | yes |
| tengai | 2015-07 | yes |
| unlimitedexplorations | - | no |
| unwto | 2013 | no |
| work.3degrees | - | no |
| worldclassmotors | 2014-05 | no |
| zimbabweschoolguide | 2015-06 | yes |
| zimoco | 2015-08 | yes |

‘Cyber Life Health Systems’ wins the dubious award for having its website compromised for the longest period (over 2 years and running!). They also get a trophy for irony. I am impressed and disappointed in equal parts, because for 2 years someone was forking over payments for hosting and domain renewal without ever checking whether the website was there at all.

If your threat model is “don’t get randomly defaced”, here’s how to keep yourself (relatively) safe:

  • Use strong passwords (this should really go without saying)
  • Have someone responsible for your website, or at the very least someone who monitors it from time to time
  • Update your CMS/plugins as soon as stable releases become available. Did a new version of WordPress come out? Upgrade now. New version of a plugin released? Upgrade immediately
  • Move your admin interface to non-standard paths. Change that admin.php or login.php to something else, where automated scanning tools won’t find them
  • If available on your CMS/platform, enable anti-bruteforce blacklist scripts/plugins. There is no reason for you to allow 100 login attempts a minute
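The last point is worth seeing in code, because the logic is the same whether it lives in a CMS plugin or in your own login handler: count recent failures in a sliding window, lock the key out for a while once a threshold is hit, and refuse attempts while locked even if the password happens to be right. The throttle below is an added example, not code from the article or from any CMS; the thresholds, the documentation-range IP and the constructed credential check are assumptions chosen for the demonstration.

```python
"""Login throttle: sliding-window failure counter with a temporary lockout."""
import time
from collections import defaultdict, deque


class LoginThrottle:
    def __init__(self, max_failures=5, window_s=60, lockout_s=900, clock=time.monotonic):
        self.max_failures = max_failures   # failures inside the window that trigger a lockout
        self.window_s = window_s           # how far back failures are counted
        self.lockout_s = lockout_s         # how long a locked key is refused
        self.clock = clock                 # injectable so the demo can run offline
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lockout expires

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window_s:
            q.popleft()

    def is_blocked(self, key):
        now = self.clock()
        until = self._locked_until.get(key)
        if until is not None:
            if now < until:
                return True
            del self._locked_until[key]   # lockout has expired
        return False

    def record_failure(self, key):
        now = self.clock()
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            self._failures[key].clear()

    def record_success(self, key):
        self._failures.pop(key, None)


def attempt_login(throttle, ip, username, password, verify):
    """Return 'blocked', 'ok' or 'denied'. Throttling keys on both the source IP and the
    username, so one host spraying many accounts and many hosts hitting one account are
    both slowed down. The block check comes before password verification on purpose."""
    keys = (f"ip:{ip}", f"user:{username}")
    if any(throttle.is_blocked(k) for k in keys):
        return "blocked"
    if verify(username, password):
        for k in keys:
            throttle.record_success(k)
        return "ok"
    for k in keys:
        throttle.record_failure(k)
    return "denied"


# Constructed stand-ins for the demo: a fake clock and a toy credential check.
class FakeClock:
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


DEMO_PASSWORD = "correct horse battery staple"   # constructed; real code checks a hash


def demo_verify(username, password):
    return username == "admin" and password == DEMO_PASSWORD


def simulate(attempts=100, seconds=60, max_failures=5):
    """Replay `attempts` wrong guesses from one IP spread over `seconds`; return
    the throttle, its clock and how each attempt was classified."""
    clock = FakeClock()
    throttle = LoginThrottle(max_failures=max_failures, window_s=60, lockout_s=900, clock=clock)
    counts = {"ok": 0, "denied": 0, "blocked": 0}
    for i in range(attempts):
        result = attempt_login(throttle, "203.0.113.7", "admin", f"guess{i}", demo_verify)
        counts[result] += 1
        clock.t += seconds / attempts
    return throttle, clock, counts


if __name__ == "__main__":
    throttle, clock, counts = simulate()
    print(counts)   # 100 guesses in a minute: 5 reach the password check, 95 never do
    clock.t += 900  # after the lockout expires the legitimate owner can log in again
    print(attempt_login(throttle, "203.0.113.7", "admin", DEMO_PASSWORD, demo_verify))
```

Note the order of checks in `attempt_login`: a locked key is refused before the password is looked at, otherwise the lockout only slows the attacker down until the guess that happens to be correct. A production version keeps the failure state somewhere shared (a database or cache) so it survives restarts and works across several web servers.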
