Scampup
Well-Known Member
Any business, municipality, webservices provider for clients, web designers with clients - this is for you!
Please check your websites. Recently the South African IP range has seen a visit from malicious parties hacking sites with outdated CMS systems. In the process links were planted on numerous websites linking to East Asian mobile websites.
These links are not visible by looking at the web page. However looking at the source of the page shows these links quite clearly.
To see the raw source code:
- Firefox = press "CTRL" and "u" keys simultaneously
- Google Chrome = press "CTRL" and "u" keys simultaneously
- Internet Explorer = press "CTRL" and "u" keys simultaneously
- Safari = See here
Typically, look at all the links, looking for something like "<a .... href="http://some-website-address" ...>Some wording..."
This is how the injected links look:
Make sure you know where all links are going to and that they should be in your websites. Normally you only have to check your index page as the infected module is common to all the website pages.
As far as can be established, the hacks are linked to outdated CMS (Content Management System) software like old WordPress and Joomla! installations. Our East Asian hackers had a field day.
This is also a reminder to check with the company managing your company website to ensure they are actually "managing" it, regularly updating it to avoid these issues. Imagine having an HSBC, Standard Bank or similar website hidden on your company website, stealing people's money. It happens daily on the internet. It also affects the very purpose you have a website, to attract business or keep in communication with your clients. If you get tagged by the malware vendors or the likes of Google as being malicious, business simply does not happen via it. Your rankings also drop to 0. Your potential visitors see a nasty warning that there is danger ahead. This is how users see your website:
http://blog.sucuri.net/2012/07/google-blacklist-warning-somethings-not-right-here.html
Any data on your website like client lists and other personal information may be stolen.
Embarrassing and oh so sad.
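The manual source check described in the post can be automated. The following is an added example, not part of the original post: it parses saved page source, lists every link whose host is not on a list of destinations you expect, and marks links that sit inside a container with a hiding inline style. The host names, the `audit` helper and the list of hiding styles are assumptions for illustration; the post does not say how the injected links were hidden.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style fragments that can hide markup (assumption; the post does not say how).
HIDING_HINTS = ("display:none", "visibility:hidden", "left:-", "top:-", "text-indent:-")
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class LinkAuditor(HTMLParser):
    def __init__(self, own_host, known_hosts=()):
        super().__init__()
        self.allowed = {own_host.lower(), *(h.lower() for h in known_hosts)}
        self.stack = []     # one flag per open element: has a hiding style?
        self.findings = []  # (href, host, hidden) per link to an unknown host

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = any(hint in style for hint in HIDING_HINTS)
        if tag == "a" and attrs.get("href"):
            host = (urlparse(attrs["href"]).hostname or "").lower()
            # Relative links have no host and stay on the site itself.
            if host and host not in self.allowed:
                self.findings.append((attrs["href"], host, hidden or any(self.stack)))
        if tag not in VOID_TAGS:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        # Heuristic nesting: unclosed tags can skew the hidden flag, never the link list.
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

def audit(html, own_host, known_hosts=()):
    auditor = LinkAuditor(own_host, known_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page; every host name is a placeholder.
SAMPLE = """<html><body>
<a href="/contact.html">Contact us</a>
<a href="https://partner.example.org/">Our partner</a>
<div style="position:absolute; left:-9999px">
  <a href="http://mobile-shop.example.net/">Some wording</a>
</div>
<p>Visit <a href="http://www.example.com/news">news</a><br></p>
</body></html>"""

if __name__ == "__main__":
    for href, host, hidden in audit(SAMPLE, "www.example.com", ["partner.example.org"]):
        print("UNKNOWN LINK:", href, "(hidden container)" if hidden else "")
```

Every reported link still needs a human decision: a link to an unknown host is reported even when no hiding style is detected, so the hidden flag only helps with prioritising.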