We have been alerted by readers to the hacking of yet another high profile website in Zimbabwe, that of the Financial Gazette, www.financialgazette.co.zw. Our checks show that the website was hacked on Friday, 4 January 2013, and remains compromised at the time of posting this article.
Loading the Fingaz website right now shows the page in the screenshot below:
Some of you will probably notice that the hack, by a group called HighTech Brazil HackTeam, is similar to the one that hit the ZOL last week. And like the ZOL website defacement, this one also looks like a random attack on known content management vulnerabilities.
Our checks also show that the website is hosted internationally. The Financial Gazette, is one of the most read local weekly newspapers in Zimbabwe. Like other newspapers in the country, the media company’s establishment of online presence has not been smooth. Websites belonging to print media companies in Zimbabwe have been subjected to defacement in such random hacks.
Here are some examples in the past 2 years:
My oh my…when are they going to wake and smell the rot in their code?
Can techzim investigate if these sites where designed by the same person/company ? this is pointing to the designers/developers of the site?
For most, as this one, it is clear as crystal.
Lesson number n+1 from the hacks: Backup daily. File & DB. Roll-back becomes “easy” in the event of such incidents.
rollback to a unpatched, re-hackable site? not too smart!
You have no clue what I’m talking about
gives a whole new meaning to the word “hackfest” 😀
I see a lot of developers on here pointing out flaws etc, but maybe the best plan is to help educate us. Could techzim solicit advise on improving web security from a development and hosting perspective, it could be a really interesting article and help us all learn at the same time.
“Using known CMS vulnerabilities, they hacked the sites either through direct SQL injections or XSS by crafting code like It wont be hard to hack those sites with out of support Content management System and with exploits script available online.” – http://www.knowledge-republic.com/CRM/2012/12/case-study-on-www-pa-gov-sg-being-hacked-by-hightech-brazil-hackteam/
if direct sql injection was used i would shoot the person who did not do sql escaping, seriously!
Pingback: Zimbabwe Independent Website Hacked - The Zimbabwe Mail | The Zimbabwe Mail