Lax security leading to rampant website defacement

Zimbabwean websites (.co.zw TLD) are easy pickings for hacker groups making names for themselves – that is the impression I get looking at the sheer number of defaced websites. The state of local website security is appalling. After my research, the most worrying thing I found is how long some websites stay defaced, it’s almost as if no one is looking after them.

Getting your website defaced says one thing: you were vulnerable. Staying defaced says something else: you lack the ability to detect your site was compromised (bad) or you lack the will (worse). It also confirms that your site is still vulnerable; leaving the door wide open for further hacks .Some hackers choose to patch the vulnerability they used to break in to prevent others from riding their coat-tails, leaving a back-door for only themselves, but this ‘altruism’ is rare.

Despite targeted acts of ‘hacktivism’, defacements are usually automated, drive-by affairs (scan or search for a large number of domains, take note of vulnerable ones and attack). You can keep your site safe by simply not being in the list of vulnerable sites. As the saying goes: “You don’t have to run faster than the lion to get away. You just have to run faster than the guy next to you”.

The table below contains .co.zw websites that were defaced in the recent past (and most still are) – these are the ones I could find and is not an exhaustive list. The ‘defacement date’ is the earliest date I could find when defacement was active – the actual start could be earlier. This date could not be established for a fraction of the websites. I am not linking to the websites for your security (and strongly discourage you from visiting the defaced websites: visiting a compromised website is an easy way to get viruses)

DomainDefacement dateFixed?
albmed2015-03no
bilcro
bmxno
chs2014-04no
colourdemo.sigcomx2015-05no
cyberlifehealthsystems2013-04no
directproductsno
dominionministries2015-05no
eastleapaintsno
exclusivebrandsno
hararenews2015-03no
hardrock2014-10no
hideawayYes: Site suspended
ict4d2015-03no
jbkno
maco2015-06yes
mitcno
mvuramanzino
nano-world*no
photomatrixyes
slgmedicalsno
technews2015-03yes
tengai2015-07yes
unlimitedexplorationsno
unwto2013no
work.3degreesno
worldclassmotors2014-05no
zimbabweschoolguide2015-06yes
zimoco2015-08yes

‘Cyber Life Health Systems’ win the dubious award of having their website compromised for the longest period (over 2 years and running!). They also get a trophy for irony. I am impressed and disappointed in equal parts because for 2 years, someone was forking over payments for hosting and domain renewal without ever checking if the website is there at all.

If your threat model is “don’t get randomly defaced”, here’s how to keep yourself (relatively) safe:

  • Use strong password (this should really go without saying)
  • Have someone responsible for your website, or someone that monitors it from time to time at the very least
  • Update your CMS/plugins as soon as stable releases become available. Did a new version of WordPress come out? Upgrade now. New version of a plugin released? Upgrade immediately
  • move your admin interface to non-standard paths. Change that admin.php or login.php to something else where automated scanning tools won’t find them
  • if available on your CMS/platform, enable anti-bruteforce blacklist script/plugins. There is no reason for you to allow 100 login attempts a minute

18 comments

  1. kilotango

    i hope you okes have good lawyers on hand, because this way of publicly naming and shaming might bring you a lawsuit soon. good luck!

    1. Garikai

      Truth is and has always been a defence against defamation.

    2. Tapiwa

      That’d be shooting the messenger because you don’t like the news. Fortunately for me, the internet never forgets – corroborating won’t be an issue.

    3. tinm@n

      You do know that the internet is public, right?

      whatever should be secure should be made secure BY the owner

      whatever should be private, should be made private BY the owner

      By virtue of it being visible, it is either the owner’s negligence or intentionally public.

      In which case, no one is liable for the owner’s own negligence except the owner.

  2. justin

    Ha ha ha. He does not need a lawyer, these website owners dont even know their sites are down, i dont think they care

    1. Tendai Mambara

      also, if the owners ‘haven’t seen’ that their sites are down, how are they going to see this article?

  3. Zimbo

    No need for lawyers, Unless the party with a hacked website can come up with a charge here there is nothing, its just plain old truth, or if the website was listed on his list but without actually being hacked.

    1. kilotango

      zimoco.co.zw seems to be working? hence my comment

      1. Tapiwa

        I should have been explicitly mentioned that it’s not always the home page that’s defaced: for some of the websites, the defaced page would be similar to site.co.zw/demo_page/

  4. Winnie

    All websites get hacked at some point. From Ebay to Facebook; NASA to the CIA. What matters is how those hacked respond and enhance their security. Cyber crime is the biggest threat of our generation.

  5. Zimbo

    wow, almost 60% of those websites are hosted outside Zimbabwe, then a couple from YoAfrica, and ZOL, but how do we Promote our own Local Hosting Providers guys? if this small sample shows these stats, what about the whole 13k co.zw domains? all of them hosted outside?

    1. tinonetic

      Because most local web hosts are either ancient or unecessarily overpriced.

      I will give you something based on my experience working on something hosted by iWayAfrica:
      – They still charge per quota of storage even counting from as low as 100MB,
      – Some have no cPanel or something close to manage the website
      – No phpMyAdmin to administer the DB

      I hear YoAfrica is ok price and featurewise, dont know about ZOL or CyberPlex(if it still exists), WebDev

      Compare that with the standard offering from international hosts:
      – unlimited sub domains
      – unlimited DBs
      – cPanel (and all its bells and whistles)
      – Cloud Flare access
      – cron access
      – easy & affordable SSL setup <- very important in today's world

    2. Beaton Nyamapanda

      As a business person or a person looking for hosting, you strive to get the best value out of your money. Local guys do not provide that value for money. They have ancient systems that do not move with the times and in most cases do not have control panels (software like Cpanel or Web Host Manager) which gives web managers full access to their accounts.
      Although it sounds minor, its effect on hosting is very huge. I dont want to call someone to create a database, or import a database for me when there are tools i can use to do it myself. In addition their support is terrible and they usually have no clue whats going on in their own hosting environments. try getting someone to help with a config problem and you will quickly run into brick walls.
      In addition to this, their prices are so ridiculously high such that it wont make sense to work with them eg, if you are hosting multiple large websites. Storage has considerably gone down, but these guys still charge a premium for storage (maybe they never got the memo)
      In addition to this, most local guys have poor security and will not help (most likely because they cant help you) when you are having problems with attacks and denial of service attacks and so.

      Sorry for the long reply

  6. jemsie

    are techzim the local internet and website police these days

    1. TheKing

      Hahaha

    2. macd chip

      Asi wabatwa panyama nhete?

  7. kundai

    if you hire some pikanin in zimpost to hammer together a site from templates and dreamweaver for $50 you are most likely going to get hacked. the quality of zimbabwean internet facing technologies is dire and we can only blame our selves in tolerating mediocre developers and products

  8. hgi

    Check out HGI.CO.ZW for information and solutions on security …Most Zimbabwean companies refuse to accept that they have a lack of skill in ICT Security ….So let me be clear, being good at networking does not make you good at security …..

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.
Exit mobile version