Zimbabwean websites have suffered numerous attacks over the years and we have covered some of these here. Examples that come to mind include the time when the official Zanu PF website was used to host porn, ZEC website went down , HIT website which has actually been hacked and defaced several times among other choice examples. The inevitable conclusion is that we are lacking as a nation.
A recent report by the researchers at Abuse.ch has confirmed this viewpoint. The team has called out Zimbabwe as one of the countries with the sloppiest/most ignorant web hosting providers when it comes to falling prey to malware and failing to remove it quickly. Ukraine and Japan are also on this naughty list. Ukraine has always been the bot and malware capital of the world but it is surprising to see Japan on the list.
What the report says
The report titled “Measuring the Reaction time of Abuse Desks” was compiled by calculating the average time it took Web hosting companies to remove malware from websites they were hosting after they had been informed of the existence of this malware.
Researchers go around the internet looking for malware, bots and malicious links. Whenever these are discovered an effort is made to ascertain the web host hosting the malware who is normally unaware of their existence owing to a large number of sites they host. Typically researchers use the emails listed on these sites to get in touch with the web host.
The report published early last month says that on average hosting providers take 3 days, 2 hours, and 33 minutes to respond to abuse complaints and remove malware hosted on their servers. It appears Zimbabwean web hosting companies, who actually take a lot longer than this to respond, take their sweet time to respond to reports of malware and malicious links.
Is it ignorance or sloppiness?
Perhaps a bit of both. In my experience most local web hosting companies are not really “local”. A guy with basic IT knowledge and money to spare buys a VPS and CPanel license before proceeding to shove as many people on that VPS as he can. All patches and CMS updates are ceremoniously ignored.As a result most of the break in that local sites have suffered have been automated rather than targeted.
What hosting providers can do?
Based on their experience the researchers at Abuse.ch have some recommendations that Zimbabwean web hosts will do well to heed if they do not want to wallow at the bottom of the list. These include:
- Web hosting providers should provide a reachable abuse@domain email address that researchers can use to report malware hosted on their servers
- Web hosting providers must learn about and use of Abuse Report Format(ARF) emails
- Spam filters must be configured to allow messages in ARF through
- Abuse inboxes must be monitored regularly as malware spreads more rapidly during the first few hours
- Patches and updates must be applied in a timely manner
- Educate staff on malware and how to handle it