I guess hackers are now having a filled day with security vulnerabilities of Nigerian websites
http://www.onigbongbogov.org

The more I study these hacking issues, the more I come to the conclusion that it is the fault of the hosts and not the websites, per se. I mean, I haven't been to this particular site but I doubt they were doing anything other than pure html. How would that pose a security threat?

I could be wrong but again, I think it is the fault of the web hosts. If it is, then especially for "mission critical" sites in Nigeria, we need to look at using trustworthy hosts, regardless of cost (within reason of course).

It is usually as a result of weak password policy. The ideal password should be:
1. alphanumeric
2. at least 7 characters
3. must contain a special character
4. should be changed every 3 months

yawa-ti-de:

The more I study these hacking issues, the more I come to the conclusion that it is the fault of the hosts and not the websites, per se. I mean, I haven't been to this particular site but I doubt they were doing anything other than pure html. How would that pose a security threat?

I could be wrong but again, I think it is the fault of the web hosts. If it is, then especially for "mission critical" sites in Nigeria, we need to look at using trustworthy hosts, regardless of cost (within reason of course).

Well, you are quite right. .I just did a reverse Ip and found out over 1000 domains hosted on the same web server as www.onigbongbogov.org .

Provided "filesystem browsing" remains [b]enabled [/b]in the php.ini of the web server, successfully breaking into and uploading a reverse shell on one of the websites would most def. compromise all other websites hosted on the web server. .

A malicious user that has successfully uploaded a shell can view the /var/www/hosts/ directory. . .That practically means access to the folders of ALL the websites on the webserver. .

A quick fix could be disabling shell_exec and also using mod_security with good rule set.