Zimbabwean websites (.co.zw TLD) are easy pickings for hacker groups making names for themselves – that is the impression I get looking at the sheer number of defaced websites. The state of local website security is appalling. After my research, the most worrying thing I found is how long some websites stay defaced, it’s almost as if no one is looking after them.
Getting your website defaced says one thing: you were vulnerable. Staying defaced says something else: you lack the ability to detect your site was compromised (bad) or you lack the will (worse). It also confirms that your site is still vulnerable; leaving the door wide open for further hacks .Some hackers choose to patch the vulnerability they used to break in to prevent others from riding their coat-tails, leaving a back-door for only themselves, but this ‘altruism’ is rare.
Despite targeted acts of ‘hacktivism’, defacements are usually automated, drive-by affairs (scan or search for a large number of domains, take note of vulnerable ones and attack). You can keep your site safe by simply not being in the list of vulnerable sites. As the saying goes: “You don’t have to run faster than the lion to get away. You just have to run faster than the guy next to you”.
The table below contains .co.zw websites that were defaced in the recent past (and most still are) – these are the ones I could find and is not an exhaustive list. The ‘defacement date’ is the earliest date I could find when defacement was active – the actual start could be earlier. This date could not be established for a fraction of the websites. I am not linking to the websites for your security (and strongly discourage you from visiting the defaced websites: visiting a compromised website is an easy way to get viruses)
Domain | Defacement date | Fixed? |
---|---|---|
albmed | 2015-03 | no |
bilcro | – | |
bmx | – | no |
chs | 2014-04 | no |
colourdemo.sigcomx | 2015-05 | no |
cyberlifehealthsystems | 2013-04 | no |
directproducts | – | no |
dominionministries | 2015-05 | no |
eastleapaints | – | no |
exclusivebrands | – | no |
hararenews | 2015-03 | no |
hardrock | 2014-10 | no |
hideaway | – | Yes: Site suspended |
ict4d | 2015-03 | no |
jbk | – | no |
maco | 2015-06 | yes |
mitc | – | no |
mvuramanzi | – | no |
nano-world* | – | no |
photomatrix | – | yes |
slgmedicals | – | no |
technews | 2015-03 | yes |
tengai | 2015-07 | yes |
unlimitedexplorations | – | no |
unwto2013 | – | no |
work.3degrees | – | no |
worldclassmotors | 2014-05 | no |
zimbabweschoolguide | 2015-06 | yes |
zimoco | 2015-08 | yes |
‘Cyber Life Health Systems’ win the dubious award of having their website compromised for the longest period (over 2 years and running!). They also get a trophy for irony. I am impressed and disappointed in equal parts because for 2 years, someone was forking over payments for hosting and domain renewal without ever checking if the website is there at all.
If your threat model is “don’t get randomly defaced”, here’s how to keep yourself (relatively) safe:
- Use strong password (this should really go without saying)
- Have someone responsible for your website, or someone that monitors it from time to time at the very least
- Update your CMS/plugins as soon as stable releases become available. Did a new version of WordPress come out? Upgrade now. New version of a plugin released? Upgrade immediately
- move your admin interface to non-standard paths. Change that admin.php or login.php to something else where automated scanning tools won’t find them
- if available on your CMS/platform, enable anti-bruteforce blacklist script/plugins. There is no reason for you to allow 100 login attempts a minute
18 comments
i hope you okes have good lawyers on hand, because this way of publicly naming and shaming might bring you a lawsuit soon. good luck!
Truth is and has always been a defence against defamation.
That’d be shooting the messenger because you don’t like the news. Fortunately for me, the internet never forgets – corroborating won’t be an issue.
You do know that the internet is public, right?
whatever should be secure should be made secure BY the owner
whatever should be private, should be made private BY the owner
By virtue of it being visible, it is either the owner’s negligence or intentionally public.
In which case, no one is liable for the owner’s own negligence except the owner.
Ha ha ha. He does not need a lawyer, these website owners dont even know their sites are down, i dont think they care
also, if the owners ‘haven’t seen’ that their sites are down, how are they going to see this article?
No need for lawyers, Unless the party with a hacked website can come up with a charge here there is nothing, its just plain old truth, or if the website was listed on his list but without actually being hacked.
zimoco.co.zw seems to be working? hence my comment
I should have been explicitly mentioned that it’s not always the home page that’s defaced: for some of the websites, the defaced page would be similar to site.co.zw/demo_page/
All websites get hacked at some point. From Ebay to Facebook; NASA to the CIA. What matters is how those hacked respond and enhance their security. Cyber crime is the biggest threat of our generation.
wow, almost 60% of those websites are hosted outside Zimbabwe, then a couple from YoAfrica, and ZOL, but how do we Promote our own Local Hosting Providers guys? if this small sample shows these stats, what about the whole 13k co.zw domains? all of them hosted outside?
Because most local web hosts are either ancient or unecessarily overpriced.
I will give you something based on my experience working on something hosted by iWayAfrica:
– They still charge per quota of storage even counting from as low as 100MB,
– Some have no cPanel or something close to manage the website
– No phpMyAdmin to administer the DB
I hear YoAfrica is ok price and featurewise, dont know about ZOL or CyberPlex(if it still exists), WebDev
Compare that with the standard offering from international hosts:
– unlimited sub domains
– unlimited DBs
– cPanel (and all its bells and whistles)
– Cloud Flare access
– cron access
– easy & affordable SSL setup <- very important in today's world
As a business person or a person looking for hosting, you strive to get the best value out of your money. Local guys do not provide that value for money. They have ancient systems that do not move with the times and in most cases do not have control panels (software like Cpanel or Web Host Manager) which gives web managers full access to their accounts.
Although it sounds minor, its effect on hosting is very huge. I dont want to call someone to create a database, or import a database for me when there are tools i can use to do it myself. In addition their support is terrible and they usually have no clue whats going on in their own hosting environments. try getting someone to help with a config problem and you will quickly run into brick walls.
In addition to this, their prices are so ridiculously high such that it wont make sense to work with them eg, if you are hosting multiple large websites. Storage has considerably gone down, but these guys still charge a premium for storage (maybe they never got the memo)
In addition to this, most local guys have poor security and will not help (most likely because they cant help you) when you are having problems with attacks and denial of service attacks and so.
Sorry for the long reply
are techzim the local internet and website police these days
Hahaha
Asi wabatwa panyama nhete?
if you hire some pikanin in zimpost to hammer together a site from templates and dreamweaver for $50 you are most likely going to get hacked. the quality of zimbabwean internet facing technologies is dire and we can only blame our selves in tolerating mediocre developers and products
Check out HGI.CO.ZW for information and solutions on security …Most Zimbabwean companies refuse to accept that they have a lack of skill in ICT Security ….So let me be clear, being good at networking does not make you good at security …..