Thailand official foreign affairs / embassy web sites hacked

The Royal Thai (Thailand’s) consulate and embassy web sites (part of their foreign affairs ministry) are currently hacked and infected with a lot of spam (of the pharmacy kind).

Their web site is located at http://www.mfa.go.th and with a quick scan (using our scanner) we can see all the hidden content:

Plus all their pages have multiple hidden links used on blackhat SEO spam campaings:

If you don’t believe me, go to your terminal and type curl -D – -A “googlebot” http://www.mfa.go.th/web/1306.php?depid=198 and look at the results (or use http://www.rexswain.com/httpview.html). In fact, for any page in that web site, if you specify the user agent as “Googlebot” you will get the spam.

What is interesting too is that if you specify the referer as “google” and keep a normal browser user agent, it will be redirected to a pharmacy site (like http://oraldrugs.com/ and others).

Another way to see it is by looking at the google results:

If you know anyone at the Thai .gov, please send this to them, so they can fix it.


If your site is infected with malware or spam, we have the solution for you: http://sucuri.net. Malware removal and web site monitoring.

Scan your website for free:
About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.