Home » hacked » Nagios Community Site Hacked

Nagios Community Site Hacked

Posted on July 13, 2010 by dd

We just detected (via our scanner) that the Nagios community site (community.nagios.org) has been hacked and is redirecting to a Viagra site. The results vary depending on the page request.

If you try to visit any page and add a “order=X” in the query you will be redirected. Example:

$ lynx –head –dump http://community.nagios.org/?order=1
HTTP/1.1 302 Found
Date: Tue, 13 Jul 2010 02:54:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Location: http://the pharmacy discount.com/item.php?id=1095&said=m111


See the 302 redirection to “pharmacy discount.com” site? Google already started to index some of the pages:

It looks like a .htaccess redirection, but it might be something else. They are using an old version of WordPress, which may explain the compromise. We recommend people stay way from the site until it gets fixed.

This entry was posted in hacked, nagios, spam and tagged , , . Bookmark the permalink.

One Response to Nagios Community Site Hacked

  1. @whalesalad says:
    July 13, 2010 at 3:55 am

    Didn't know you could use Lynx to grab headers :) You can also do this:

    curl -i blah.com
    :D

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Home » hacked » Nagios Community Site Hacked