Barely a day after we posted that the NewsDay was down, we got notified on Twitter that HMetro (www.hmetrozim.com) was suffering a similar problem. The website has been hijacked by hackers.
Here’s what you see if you open the HMetro website right now:
Like the NewsDay case, it doesn’t look like the HMetro was targeted for any specific reason other than that there is some vulnerability in the security of the site that random hackers crawling the web have taken advantage of to inject the phishing stuff. In fact, the hacking itself is most likely targeted at the website’s visitors than HMetro itself.
Attacks like the one the HMetro and NewsDay have suffered are fairly common and web security administrators need to deliberately guard against them. There are probably hundreds other cases of hijacked websites locally, only that most are not as popular and so go unnoticed.
HMetro is a daily tabloid owned by Zimbabwe’s largest newspaper publisher, Zimpapers. Zimpapers is government owned. It also publishes The Herald, The Chronicle, The Sunday Mail and The Sunday News.
UPDATE (04 Oct): The website has just been taken down. The database at least. here’s the most recent screenshot:
UPDATE (04 Oct): The HMetro website has since been restored and appears to be fully accessible now.
11 comments
In this internet age, its really no good just rushing a site out for publication without fully considering security implications on the web. The web is great but believe it or not there are web criminals out there. In Zim many of our sites are being caught completely off-guard. Many sites run on open source platforms which is good and I would recommend that any day. But many deployments simply overlook intrusion detection that are widely available on open source platforms. And yes you many have to invest in a additional stand-alone hardware, but that’s better that a hacked site. You can’t always be 100% hacker-proof, but you can harden your site a bit against a grade-7 hacker. Unfortunately many Zim sites are falling victim to grade-7 hackers.
This is good for our country I sarcastically bet. I think this will drive many companies to take security seriously and help create employment. Imagine the number of analysts employed by Sony after their debacle with LulzSec. (Just a wild idea….lol)
you are right man. it is good. people in the it sector(web tech) don’t take security seriously, it is a wake up call. maybe companies will start hiring real security professionals than just templates editors.
I dont think it is a coincidence that the website’s are being hacked. All media houses?
HMetroZim.com was not hacked, neither was it a security breach. It may be that the web master moved too soon in his admin and did not connect the database back again. Nothing more than a simple admin error.
Nonetheless, you are right the Web industry is now full of Template Editors than the old school PHP, Java, SQL, and HTML developers. I am personally sick of them as they are giving us a bad name.
They need to be weeded out, and fast…excuse my militant language, but I learnt the hard way and don’t want my business destroyed by fools.
the error before the database connection error is what led to the suspicion of a breach. Note that they (ZSE, HMetro, Newsday) all have phishing in common.
what’s a template editor and what is a developer?
why hasnt the herald been hacked?
Its probably next …..
we told them to stop publishing shi and they did not listen..and for the herald they do not talk shit