Sunday, 6 November 2016

FUTA Website Hacked By Indonesian Hacking Group




A quick check through FUTA's website (www.futa.edu.ng) shows that the website has been defaced by an Indonesian hacking group (Indonesian Code Party), which has been linked to the hack of several websites on the Internet.

Possible Cause Of The Hack

1. FUTA's website runs on just PHP and SQL on an Apache server. This can easily be exploited by any hacker.

2. Their ICT team failed to apply patches and updates to the school website.

Many webmasters know how vulnerable websites based on PHP and SQL can be. I must say that it's really appalling for a Federal University to use an outdated and buggy CMS.

My personal advice is FUTA PLEASE MOVE YOUR WEBSITE TO RUN ON JOOMLA.

The successful defacement and hack of the FUTA website depends on the exploit used by these hackers. It does not necessarily mean that the hackers connected to the database directly, although I'm not ruling out the possibility.

The hackers might first check the server to find out what the app stack is (programming languages, database, CMS, OS). Looking at the HTML, the JavaScript code and the URL patterns, hitting the standard URLs of admin pages, and port scanning help a lot.

Once this is done, the attacker knows which exploits to try.

With CMSes, exploits become public very fast. Security patches are made available just as fast. If the site's administrators regularly apply security patches, they'll be OK. Other than that, CMSes are vulnerable mostly due to bad configuration or poor password choice.

Custom applications are more vulnerable to loopholes in code. There are many vulnerabilities that can be exploited.

1. Database fields become exposed to modification because the programmer chose to simply persist the entire object received from the user instead of picking only those fields that the user was allowed to modify from that page.

2. Having AJAX methods such as getObject(int objectid) in JavaScript with no corresponding validation on the server side to check whether the requested object should be accessible to the current user.

These seemingly lame coding blunders are surprisingly common in custom-built applications.
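The two blunders listed above, each next to a corrected form, as an added PHP example that is not code from FUTA's site or from the original post. The record layout, the field names and every function name other than getObject are assumptions, and a plain array stands in for the database table.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for a database table (hypothetical schema).
$records = [
    1 => ['id' => 1, 'owner_id' => 10, 'display_name' => 'Ada', 'role' => 'student'],
    2 => ['id' => 2, 'owner_id' => 20, 'display_name' => 'Bola', 'role' => 'student'],
];

// Fields the profile page lets a user change; all others are server-controlled.
const EDITABLE_FIELDS = ['display_name'];

// Blunder 1: persist the entire object received from the user.
function updateUnsafe(array $record, array $input): array
{
    return array_merge($record, $input);
}

// Fix 1: copy only the allow-listed fields out of the request.
function updateSafe(array $record, array $input): array
{
    return array_merge($record, array_intersect_key($input, array_flip(EDITABLE_FIELDS)));
}

// Blunder 2: return any object by id without asking who is requesting it.
function getObjectUnsafe(array $records, int $objectId): ?array
{
    return $records[$objectId] ?? null;
}

// Fix 2: authorize on the server against the session user, never a client-sent id.
function getObject(array $records, int $objectId, int $sessionUserId): ?array
{
    $record = $records[$objectId] ?? null;
    if ($record === null || $record['owner_id'] !== $sessionUserId) {
        return null; // same reply for "missing" and "not yours"
    }
    return $record;
}

// Constructed request body: one legitimate field plus two the form never offered.
$input = ['display_name' => 'Ada L.', 'role' => 'admin', 'owner_id' => 20];

var_dump(updateUnsafe($records[1], $input)['role']);
var_dump(updateSafe($records[1], $input)['role']);
var_dump(getObjectUnsafe($records, 2) !== null);
var_dump(getObject($records, 2, 10) !== null);
```

Run from the command line, the unsafe update reports the role as admin while the allow-listed update keeps it as student, and only the checked getObject refuses to hand record 2 to session user 10.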

Possible Solution

1. Scan the website server for vulnerabilities with Nikto on Linux and install patches/fixes for every vulnerability.

2. Change the website CMS to Joomla.



