Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,207,639 members, 7,999,806 topics. Date: Monday, 11 November 2024 at 01:47 PM

Onigbongbo Local Government Website Hacked - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / Onigbongbo Local Government Website Hacked (1051 Views)

Photos: Lagos State Government Website (lagosstate.gov.ng) Has Been Hacked / Supreme Court Of Nigeria Website Hacked!!! / Gay Activist Hacks Nigerian Government’s Website Over Anti-gay Law (2) (3) (4)

(1) (Reply) (Go Down)

Onigbongbo Local Government Website Hacked by yinka007(m): 9:41am On Feb 24, 2012
I guess hackers are now having a filled day with security vulnerabilities of Nigerian websites
http://www.onigbongbogov.org
Re: Onigbongbo Local Government Website Hacked by yawatide(f): 11:29am On Feb 24, 2012
The more I study these hacking issues, the more I come to the conclusion that it is the fault of the hosts and not the websites, per se. I mean, I haven't been to this particular site but I doubt they were doing anything other than pure html. How would that pose a security threat?

I could be wrong but again, I think it is the fault of the web hosts. If it is, then especially for "mission critical" sites in Nigeria, we need to look at using trustworthy hosts, regardless of cost (within reason of course).
Re: Onigbongbo Local Government Website Hacked by yinka007(m): 1:26pm On Feb 24, 2012
It is usually as a result of weak password policy. The ideal password should be:
1. alphanumeric
2. at least 7 characters
3. must contain a special character
4. should be changed every 3 months
Re: Onigbongbo Local Government Website Hacked by Slyr0x: 4:00pm On Feb 24, 2012
yawa-ti-de:

The more I study these hacking issues, the more I come to the conclusion that it is the fault of the hosts and not the websites, per se. I mean, I haven't been to this particular site but I doubt they were doing anything other than pure html. How would that pose a security threat?

I could be wrong but again, I think it is the fault of the web hosts. If it is, then especially for "mission critical" sites in Nigeria, we need to look at using trustworthy hosts, regardless of cost (within reason of course).

Well, you are quite right. .I just did a reverse Ip and found out over 1000 domains hosted on the same web server as www.onigbongbogov.org .

Provided "filesystem browsing" remains [b]enabled [/b]in the php.ini of the web server, successfully breaking into and uploading a reverse shell on one of the websites would most def. compromise all other websites hosted on the web server. .

A malicious user that has successfully uploaded a shell can view the /var/www/hosts/ directory. . .That practically means access to the folders of ALL the websites on the webserver. .

A quick fix could be disabling shell_exec and also using mod_security with good rule set.

(1) (Reply)

Kasuwa Is It Real / Drop Your Personal Website Here For Rating Your Internet Marketing Effectiveness / An E-commerce Website Is Needed Urgently For A Clothing Company

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 10
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.