FUTA Website Hacked By Indonesian Hacking Group


A quick check through FUTA's website  (www.futa.edu.ng) shows that the website has been defaced by an Indonesian hacking group (Indonesian Code Party) which has been linked to the hack of several websites on the Internet.

Possible Cause Of The Hack

1.FUTA's website  runs on  just PHP and SQL on an Apache Server. This can easily be exploited by any hacker.

2.Their ICT Team Failed To Apply Patches and Updates To The School Website

Many webmasters know how vulnerable websites based on PHP and SQL can be.I must say that It's really appalling for a Federal University to use an outdated and buggy CMS.


I The successful defacement and hack of the FUTA website depends on the exploit used by these hackers . It does not necessary mean that the hackers connected to the database directly although I'm not ruling out the possibility .

The hackers might first check the server to find what the app stack is (Programming Languages,
Database, CMS, OS).
Looking at HTML, Javascript code, URL pattern, hitting standard URL's of admin pages & port scanning helps a lot.

Once this is done, he or she knows which exploits to try.

With CMSes, exploits become public very fast. Security patches are made available just as fast. If they regularly apply security patches they'll be OK. Other
than that CMSes are vulnerable mostly due to bad configuration, or poor password choice.

Custom applications are more vulnerable to loop holes in code. There are many vulnerabilities that can be exploited.

1. Database fields become exposed to modification
because the programmer choose to simply persist the
entire object received from the user instead of only
picking those fields that the user was allowed to
modify from that page.

2. Having ajax methods such as getObject(int objectid)
in Javascript with no corresponding validation on
server side to find whether the requested object
should be accessible to the current user.
These seemingly lame coding blunders are surprisingly
very common in custom built applications.

Possible Solution

1.Scan Website Server for Vulnerabilities With Nikto On Linux and install patch/ fixes for every vulnerability

2.Change Website CMS To Joomla

If you liked this post please subscribe to my channel Subscribe Here
Don't Forget To Share This And Comment

Support NaijaTechGuy - Subscribe To My Channel And Stand A Chance To Win Amazing Prizes

If you wish to comment anonymously without Facebook, please scroll down and use the second comment box

Share This :

I'm a Computer Science Student of The University of Port Harcourt and a Chelsea Fan. I love RnB and A little Trap Music. Tech flows in my veins. I love to have fun with friends and I read a lot. 

Related Post