Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,200,608 members, 7,975,374 topics. Date: Tuesday, 15 October 2024 at 12:31 AM |
Nairaland Forum / Nairaland / General / Education / FUTA Website Hacked By Indonesian Hacking Group (978 Views)
University Of Nigeria, Nsukka Website Hacked At 1:00 Am / Breaking News!!! FUTA Website Has Been Hacked.. / Confirmed! FUTA Website Hacked? - Inforesource (2) (3) (4)
FUTA Website Hacked By Indonesian Hacking Group by matrixx9(m): 10:42am On Nov 06, 2016 |
A quick check through FUTA's website (www.futa.edu.ng) shows that the website has been defaced by an Indonesian hacking group (Indonesian Code Party) which has been linked to the hack of several websites on the Internet. Possible Cause Of The Hack 1.FUTA's website runs on just PHP and SQL on an Apache Server. This can easily be exploited by any hacker. 2.Their ICT Team Failed To Apply Patches and Updates To The School Website Many webmasters know how vulnerable websites based on PHP and SQL can be.I must say that It's really appalling for a Federal University to use an outdated and buggy CMS. The successful defacement and hack of the FUTA website depends on the exploit used by these hackers . It does not necessary mean that the hackers connected to the database directly although I'm not ruling out the possibility . The hackers might first check the server to find what the app stack is (Programming Languages, Database, CMS, OS). Looking at HTML, Javascript code, URL pattern, hitting standard URL's of admin pages & port scanning helps a lot. Once this is done, he or she knows which exploits to try. With CMSes, exploits become public very fast. Security patches are made available just as fast. If they regularly apply security patches they'll be OK. Other than that CMSes are vulnerable mostly due to bad configuration, or poor password choice. Custom applications are more vulnerable to loop holes in code. There are many vulnerabilities that can be exploited. 1. Database fields become exposed to modification because the programmer choose to simply persist the entire object received from the user instead of only picking those fields that the user was allowed to modify from that page. 2. Having ajax methods such as getObject(int objectid) in Javascript with no corresponding validation on server side to find whether the requested object should be accessible to the current user. These seemingly lame coding blunders are surprisingly very common in custom built applications. Possible Solution 1.Scan Website Server for Vulnerabilities With Nikto On Linux and install patch/ fixes for every vulnerability 2.Change Website CMS To Joomla 1 Like |
Re: FUTA Website Hacked By Indonesian Hacking Group by matrixx9(m): 10:43am On Nov 06, 2016 |
Re: FUTA Website Hacked By Indonesian Hacking Group by maxti: 10:51am On Nov 06, 2016 |
Bad for biz |
Re: FUTA Website Hacked By Indonesian Hacking Group by dauddy97(m): 11:06am On Nov 06, 2016 |
this unfair.... |
Re: FUTA Website Hacked By Indonesian Hacking Group by oldfoolnigger(m): 11:48am On Nov 06, 2016 |
Hahaha,tech.school indeed.buhuhahabruhaha. |
(1) (Reply)
PHOTO: Freed Pupils, Staff Of Nigerian-turkish School / Biology Student Of Gombe State University Declared Missing.Did You See Her?(Pics / Study At Nottingham Trent University In UK With Free Full-fee Scholarship, 2017
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 11 |