Zimbabwean websites (.co.zw TLD) are easy pickings for hacker groups making names for themselves – that is the impression I get looking at the sheer number of defaced websites. The state of local website security is appalling. After my research, the most worrying thing I found is how long some websites stay defaced, it’s almost as if no one is looking after them.
Getting your website defaced says one thing: you were vulnerable. Staying defaced says something else: you lack the ability to detect that your site was compromised (bad) or you lack the will (worse). It also confirms that your site is still vulnerable, leaving the door wide open for further hacks. Some hackers choose to patch the vulnerability they used to break in, to prevent others from riding their coat-tails, leaving a back-door for only themselves, but this ‘altruism’ is rare.
Targeted acts of ‘hacktivism’ aside, defacements are usually automated, drive-by affairs (scan or search a large number of domains, take note of the vulnerable ones and attack). You can keep your site safe simply by not being on the list of vulnerable sites. As the saying goes: “You don’t have to run faster than the lion to get away. You just have to run faster than the guy next to you”.
The table below contains .co.zw websites that were defaced in the recent past (and most still are). These are the ones I could find; it is not an exhaustive list. The ‘defacement date’ is the earliest date I could find on which the defacement was active, so the actual start could be earlier. This date could not be established for a fraction of the websites. I am not linking to the websites for your security (and strongly discourage you from visiting the defaced websites: visiting a compromised website is an easy way to get viruses).
| Website | Defacement date | Still defaced? |
|---|---|---|
| hideaway | - | Yes: Site suspended |
‘Cyber Life Health Systems’ wins the dubious award for having its website compromised for the longest period (over 2 years and running!). It also gets a trophy for irony. I am impressed and disappointed in equal parts, because for 2 years someone was forking over payments for hosting and domain renewal without ever checking whether the website was there at all.
If your threat model is “don’t get randomly defaced”, here’s how to keep yourself (relatively) safe:
- Use strong passwords (this should really go without saying)
- Have someone responsible for your website, or at the very least someone who monitors it from time to time
- Update your CMS/plugins as soon as stable releases become available. Did a new version of WordPress come out? Upgrade now. New version of a plugin released? Upgrade immediately
- Move your admin interface to non-standard paths. Rename that admin.php or login.php to something automated scanning tools won’t find
- If available on your CMS/platform, enable anti-brute-force blacklisting scripts/plugins. There is no reason for you to allow 100 login attempts a minute
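The “have someone monitoring it” point is the one this list of defaced sites makes most painfully, so here is a minimal defacement monitor as an added example (not the post's own code): it fingerprints a page after stripping fragments that legitimately change on every load (the WordPress nonce pattern is an assumption about your site) and alerts when the fingerprint changes, an expected marker such as your own title disappears, or the page stops returning 200. The sample page, baseline and URL are constructed for illustration.

```python
import hashlib
import re
import sys
import urllib.error
import urllib.request

# Fragments that legitimately change on every load (WordPress nonces,
# cache-busting ?ver= strings, timestamps) are stripped before hashing so
# that a normal page load is not mistaken for a defacement.
_VOLATILE = [
    re.compile(r'name="_wpnonce"\s+value="[^"]*"'),
    re.compile(r"\?ver=[0-9.]+"),
    re.compile(r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}"),
]

def fingerprint(html: str) -> str:
    """SHA-256 of the page with volatile fragments and whitespace normalised."""
    for pat in _VOLATILE:
        html = pat.sub("", html)
    return hashlib.sha256(re.sub(r"\s+", " ", html).strip().encode()).hexdigest()

def check_page(status: int, html: str, baseline: dict) -> list[str]:
    """Return the reasons the page looks wrong; an empty list means intact."""
    if status != 200:
        return [f"unexpected HTTP status {status}"]
    problems = []
    if fingerprint(html) != baseline["sha256"]:
        problems.append("content fingerprint differs from baseline")
    for marker in baseline["must_contain"]:  # e.g. your own <title>
        if marker not in html:
            problems.append(f"expected marker missing: {marker!r}")
    return problems

def fetch(url: str) -> tuple[int, str]:
    """(status, body) for a URL; HTTP errors keep their code, other failures give 0."""
    try:
        with urllib.request.urlopen(url, timeout=15) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""

# Constructed sample: a known-good page and the baseline recorded from it.
GOOD_HTML = ('<html><head><title>Example Clinic</title></head><body>'
             '<input name="_wpnonce" value="a1b2c3"><p>Opening hours</p></body></html>')
BASELINE = {"sha256": fingerprint(GOOD_HTML), "must_contain": ["<title>Example Clinic</title>"]}
if __name__ == "__main__":  # usage: python monitor.py https://www.example.co.zw/ (hypothetical)
    problems = check_page(*fetch(sys.argv[1]), BASELINE)
    print("OK" if not problems else "ALERT: " + "; ".join(problems))
```

Run it from cron on a machine other than the web server and store the baseline outside the web root, so a compromise of the site cannot also silence the check.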