Tuesday, December 28, 2010

Stumbled on a hacked website

I would not normally react to it, but this one was a website belonging to a municipality in the country where I'm at, and it was hacked over three years ago (still is).

How well do you know your server?
So I sent a message their way. It seems this hack was done by accessing an upload that was not sanitized, giving the hackers the ability to run their own little PHP forum, advertising all sorts of drugs for sale.

I thought I would do a quick check to see if any other municipality had employed the same flaws, or more accurately, I was looking to see if anyone else had fallen for the same type of hack.

That led me to a month-old bug in Parallels H-Sphere and ProFTPD.

From a page being exploited by that bug, I found a very exact search phrase.

A way too good search phrase.

This led me to overwhelming hits on .se, even if the phrase could not legally be on that domain.

So at 3 am, and on the notion that PDE5 inhibitors are advertised for sale on a Swedish political party's "Moderaterna i europaparlementet" home page (amongst a gazillion others), I will go to sleep. PS: They have no IT contact listed, so I guess they will notice it when people start to complain about the products.

1 comment:

frisno said...

I got a reply from Hellefors municipality earlier this year, a friendly note saying that the head of IT will be informed (I was the cc). The site is still compromised, but since it ain't a security breach it may not be priority one, but it does make me wonder what sort of 'higher priority' problems they are struggling with.
