Website hacking/spamming

Below is a post from Information Services, warning about website hacking incidents that have happened recently within the University.

If you are responsible for a website, or even just web pages, but particularly if you use a self-run blog/wiki/WCMS, then it is a good idea to follow the advice given below and periodically Google for your site/pages and include common spam-type words, e.g. Viagra. For example, to check homepages for that string, type "site:homepages.inf.ed.ac.uk viagra" in the Google search box. Unfortunately we do seem to have one example of a user-run blog which has been spammed, and this will be rectified shortly. Other hits seem to be genuine research-type activity.

Neil

Original post from IS…

Dear colleagues,

There have been several incidents of insidious hacking of non-centrally
supported university websites in the last few months.

Affected sites selectively redirect users referred by a Google search to
dubious commercial sites, such as online pharmacies.
To see the effect of this, put 'paypal site:ed.ac.uk' into google.com and
look at the search results mentioning Viagra.

If you come across an affected site, please notify me, and the site owner as
soon as possible.

These hacks take advantage of known security vulnerabilities in obsolete
versions of web content management systems and other web tools.  They insert
malicious code which affects how the site appears to Google's robots, and
can redirect users coming from Google searches, but make no visible changes
to the site viewed at its normal URL.

To avoid your website being affected, ensure any web software you are
running is kept up-to-date with the latest security patches and upgrades.

Site owners should use Google to check their own sites specifically using
the Google search engine and then should address any hacking incidents
immediately, by following the 5 steps in the instructions at
http://stevepenny.com/googleviagraspamhack.html.
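
The cloaking described in the IS message (one view for Google's robots and Google-referred visitors, another at the normal URL) can also be checked from the command line. The script below is an added example, not part of the original post or of the linked instructions; the keyword list, profile names and function names are assumptions chosen for illustration.

```python
import sys
import urllib.request
from urllib.parse import urlsplit

SPAM_WORDS = ("viagra", "cialis", "pharmacy")  # assumed keyword list; extend as needed
BROWSER_UA = "Mozilla/5.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# The three ways the same page is requested (profile names are hypothetical).
PROFILES = {
    "direct": {"User-Agent": BROWSER_UA},
    "googlebot": {"User-Agent": GOOGLEBOT_UA},
    "google_referral": {"User-Agent": BROWSER_UA,
                        "Referer": "https://www.google.com/search?q=test"},
}

def http_fetch(url, headers):
    """Fetch url with the given headers; return (final_url, body) after redirects."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.geturl(), resp.read().decode("utf-8", "replace")

def spam_terms(body):
    return {w for w in SPAM_WORDS if w in body.lower()}

def check_cloaking(url, fetch=http_fetch):
    """Compare the direct view with the Googlebot and Google-referral views."""
    views = {name: fetch(url, hdrs) for name, hdrs in PROFILES.items()}
    # Baseline is whatever a normal visitor ends up with, so a legitimate
    # http -> https or www redirect is not reported.
    base_host = urlsplit(views["direct"][0]).hostname
    base_terms = spam_terms(views["direct"][1])
    findings = []
    for name in ("googlebot", "google_referral"):
        final_url, body = views[name]
        if urlsplit(final_url).hostname != base_host:
            findings.append(f"{name}: redirected off-site to {final_url}")
        extra = spam_terms(body) - base_terms
        if extra:
            findings.append(f"{name}: spam terms absent from direct view: {sorted(extra)}")
    return findings

if __name__ == "__main__":
    for page in sys.argv[1:]:
        for line in check_cloaking(page) or ["no difference between views"]:
            print(f"{page}: {line}")
```

Run it against your own pages, e.g. `python check_cloaking.py http://your.site/page`. An empty result does not prove a site is clean: injected code that keys on the requester's IP address rather than on the User-Agent or Referer header will not respond to these requests, so keep doing the Google `site:` search as well.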

About neilb

Computing staff at the University of Edinburgh. Part of the Services Unit.