Local sites vandalised

By Candice Jones, ITWeb online telecoms editor
Johannesburg, 09 Sept 2008

Hackers known as zBiDy and ViZer have defaced several South African Web sites.

According to Telspace Systems CEO Dino Covotsos, it is unlikely the attacks are targeted. "The hackers are basically conducting a mass scan for vulnerable systems. Once a vulnerable system is found, it's exploited and all index pages are replaced with the hacked version."

The front page or another page of the hacked site will be replaced with the phrase: "This site hacked by zBiDy." It is most often accompanied by an image of a man with wings, but there are several versions of the replacement page in circulation.

Covotsos says the hacker, or more likely hackers, have a long history of site defacement. "They have broken into various different operating systems, ranging from Solaris/SunOS, FreeBSD, Linux through to Windows 2003."

According to Covotsos, the defacement can easily be prevented. "People who are hosting their own sites on their own servers need to ensure servers are regularly patched with the latest updates."

He says Web site owners need to make sure that anything that can be blocked at the firewall is blocked. "This includes any unnecessary services." He adds that file permissions should be checked to ensure no one can change or move site index files.

However, Covotsos notes it becomes more difficult for owners to ensure site security if they are hosted by a third party company. "Hosting companies need to get vulnerability assessments done on a monthly basis."

He adds that those that host sites need to know the security threats and should patch their own servers to keep client sites safe. "These companies can also write scripts that ensure client site index files are locked down with the correct permissions."
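A script of the kind described could look like the following. This is an added example, not code from the article or from Telspace Systems. It assumes a hosting root with one directory per client site and index files named `index.*`; the function names are hypothetical. It also checks the directory that holds each index file, because a directory writable by group or other allows the file to be moved or replaced even when the file itself is read-only.

```shell
#!/bin/sh
# Added example: audit and lock down index files under a hosting root.
# Assumptions (not from the article): one directory per client site,
# index files named index.*, no newlines in path names.

# List index files that group or other can write to.
find_writable_indexes() {
    root=$1
    find "$root" -type f -name 'index.*' \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# List directories holding an index file that group or other can write to.
# Write access to the directory is enough to move or replace the index.
find_writable_index_dirs() {
    root=$1
    find "$root" -type f -name 'index.*' -print |
    while IFS= read -r f; do
        d=$(dirname "$f")
        # -prune keeps find on the directory itself, without descending.
        find "$d" -prune -type d \( -perm -020 -o -perm -002 \) -print
    done | sort -u
}

# Remove group/other write access from everything the two audits report.
lock_down_indexes() {
    root=$1
    find_writable_indexes "$root" |
        while IFS= read -r f; do chmod go-w "$f"; done
    find_writable_index_dirs "$root" |
        while IFS= read -r d; do chmod go-w "$d"; done
}

# Typical use (path is a placeholder):
#   find_writable_indexes /path/to/hosting/root
#   lock_down_indexes     /path/to/hosting/root
```

Running the two audit functions from a scheduled job and alerting on any output also catches permissions that drift after a deployment.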

Some of the local sites infected include antenuptial.co.za, yourwedding.co.za and the photo gallery on flysouthadventures.co.za.
