Nagios Community Site Hacked

We just detected (via our scanner) that the Nagios community site ( has been hacked and is redirecting to a Viagra site. The results vary depending on the page request.

If you try to visit any page and add a “order=X” in the query you will be redirected. Example:

$ lynx –head –dump
HTTP/1.1 302 Found
Date: Tue, 13 Jul 2010 02:54:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Location: http://the pharmacy

See the 302 redirection to “pharmacy” site? Google already started to index some of the pages:

It looks like a .htaccess redirection, but it might be something else. They are using an old version of WordPress, which may explain the compromise. We recommend people stay way from the site until it gets fixed.

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Share This