
FUTA Website Hacked By Indonesian Hacking Group


A quick check through FUTA's website (www.futa.edu.ng) shows that the website has been defaced by an Indonesian hacking group (Indonesian Code Party) which has been linked to the hack of several websites on the Internet.

Possible Cause Of The Hack

1. FUTA's website runs on just PHP and SQL on an Apache server. This can easily be exploited by any hacker.

2. Their ICT team failed to apply patches and updates to the school website.

Many webmasters know how vulnerable websites based on PHP and SQL can be. I must say that it's really appalling for a Federal University to use an outdated and buggy CMS.

My personal advice is FUTA PLEASE MOVE YOUR WEBSITE TO RUN ON JOOMLA.

The successful defacement and hack of the FUTA website depends on the exploit used by these hackers. It does not necessarily mean that the hackers connected to the database directly, although I'm not ruling out the possibility.

The hackers might first check the server to find out what the app stack is (programming languages, database, CMS, OS). Looking at the HTML, the JavaScript code and the URL patterns, hitting the standard URLs of admin pages, and port scanning all help a lot.

Once this is done, the attacker knows which exploits to try.

With CMSes, exploits become public very fast. Security patches are made available just as fast. If they regularly apply security patches they'll be OK. Other than that, CMSes are vulnerable mostly due to bad configuration or poor password choice.

Custom applications are more vulnerable to loopholes in code. There are many vulnerabilities that can be exploited.

1. Database fields become exposed to modification because the programmer chose to simply persist the entire object received from the user instead of only picking those fields that the user was allowed to modify from that page.

2. Having AJAX methods such as getObject(int objectid) in JavaScript with no corresponding validation on the server side to find whether the requested object should be accessible to the current user.

These seemingly lame coding blunders are surprisingly common in custom-built applications.
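The two blunders listed above, each shown next to a corrected server-side version. This is an added example, not code from the FUTA site or from the original post; the record layout, field names, session object and function names other than getObject are assumptions made for illustration.

```javascript
// Constructed sample rows standing in for a database table.
const students = new Map([
  [1, { id: 1, ownerId: 101, email: "a@example.test", phone: "000", role: "student", feesPaid: false }],
  [2, { id: 2, ownerId: 102, email: "b@example.test", phone: "111", role: "student", feesPaid: true }],
]);

// Fields the "edit my profile" page may change; everything else is server-controlled.
const PROFILE_EDITABLE = ["email", "phone"];

// Blunder 1: persist the entire object received from the user.
function updateProfileUnsafe(record, body) {
  return Object.assign(record, body);
}

// Fix: copy only allow-listed string fields and report everything else as rejected.
function updateProfileSafe(record, body) {
  const rejected = [];
  for (const key of Object.keys(body)) {
    if (PROFILE_EDITABLE.includes(key) && typeof body[key] === "string") {
      record[key] = body[key];
    } else {
      rejected.push(key);
    }
  }
  return { record, rejected };
}

// Blunder 2: return whatever ID the client asks for, with no ownership check.
function getObjectUnsafe(objectId) {
  return students.get(objectId) || null;
}

// Fix: the server decides access from its own session data, never from the request.
function getObject(session, objectId) {
  const id = Number(objectId);
  if (!Number.isInteger(id)) return { status: 400, body: null };
  const record = students.get(id);
  const allowed = record && (record.ownerId === session.userId || session.role === "admin");
  // Same answer for "missing" and "not yours", so valid IDs cannot be enumerated.
  if (!allowed) return { status: 404, body: null };
  return { status: 200, body: record };
}
```

The rejected list returned by updateProfileSafe is worth logging: a request that tries to set role or feesPaid from a profile page is a useful detection signal.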

Possible Solution

1. Scan the website server for vulnerabilities with Nikto on Linux and install patches/fixes for every vulnerability.

2. Change the website CMS to Joomla.






Reviewed by Michael Ajah on Sunday, November 06, 2016
