The roughly 200 South African websites recently defaced by an Argentinian hacking group all appear to be hosted on Webafrica’s hosting infrastructure.
[Also read: Anonymous hacks SA government database]
“Sites hacked by #Anonymous group member @TobitowTHA point to 196.220.43.* ..and the ISP is…,” Molebatsi posted.
A lookup of the IP addresses revealed that they all fell within the 18.104.22.168/19 subnet, which is assigned to Webafrica.
It therefore appears that Tobitow found a vulnerability on each of Webafrica’s shared hosting servers he hacked.
“Shared hosting” refers to the practice of hosting multiple sites on a single server, and is a common practice that lets companies offer cheaper web hosting.
Once hackers have successfully exploited a website on a shared server, they may be able to exploit a vulnerability on the server itself to give them access to all the sites hosted on it.
From there, the hacker may perform what is referred to as a mass defacement – replacing all the landing pages of the websites hosted on the server with a message such as the one posted below.
Webafrica’s call centre has confirmed that its servers have been hacked.
According to the call centre, the servers breached are older and contain legacy websites that clients won’t upgrade. This has caused the servers to get outdated and become vulnerable.