Nagios Community Site Hacked

We just detected (via our scanner) that the Nagios community site (community.nagios.org) has been hacked and is redirecting to a Viagra site. The results vary depending on the page request.

If you try to visit any page and add a “order=X” in the query you will be redirected. Example:

$ lynx –head –dump http://community.nagios.org/?order=1
HTTP/1.1 302 Found
Date: Tue, 13 Jul 2010 02:54:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Location: http://the pharmacy discount.com/item.php?id=1095&said=m111


See the 302 redirection to “pharmacy discount.com” site? Google already started to index some of the pages:

It looks like a .htaccess redirection, but it might be something else. They are using an old version of WordPress, which may explain the compromise. We recommend people stay way from the site until it gets fixed.

Scan your website for free:
About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.