• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

UCalgary web sites compromised with spam

February 17, 2011David Dede

0
SHARES
FacebookTwitterSubscribe

We were cleaning up a compromised site today (with the unfamous pharma hack), when we saw multiple spam links in the hacked site pointing to ucalgary.ca (big Canadian university). What was interesting is that it was not pointing to a small department sub-domain, but to their main site.

It means attackers were using domains at the University of Calgary to help increase their PR (page rank) and to sell pharmacy related products online.

These were some of the links in their main site that were being used (still live):

http://www.ucalgary.ca/uci/node/19228
http://www.ucalgary.ca/uci/node/491
http://www.ucalgary.ca/uci/node/426
.. hundreds more..

As we dug deeper, we saw more and more links with spam in their main site and on sub-domains:

http://ess.ucalgary.ca (engineering society)
http://www.arctic.ucalgary.ca/
http://fp.ucalgary.ca/
http://webapps2.ucalgary.ca

So what is going on? It seems that those sub-domains are in fact hacked and being used to distribute spam. Their main site, however, looks ok, but it has an open wiki (not moderated) that is allows anyone to post any content (including SPAM in there). So guess who is using that to their advantage? Exactly 🙂

If you do a quick search on Google for ‘viagra site:ucalgary.ca’, you will find more than 2 thousand pages infected.

Scanning those sites with our malware + spam monitor, we were able to identify more and more pages with spam.. If you know anyone at UC IT department, let them know about it so they can fix it.


Infected with malware? Spam? Blacklisted? We can clean it up for you: http://sucuri.net

0
SHARES
FacebookTwitterSubscribe

Categories: UncategorizedTags: SEO Spam

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  1. U Calgary

    February 17, 2011

    Our website was not hacked. When the forum was enabled by a Site Admin they allowed anonymous users to both create and edit their own forum topics (without spam protection.) We will be fixing this.

    • Janke

      February 18, 2011

      Geeze –

      Comment spam?

      I’d have thought that a ‘security researcher’ would have taken the time to notify someone at ucalgary.ca & get the facts straight before turning this into a blog post.

      I know that’s difficult, (using whois and all), but heck – you guys are smart, right?

    • Sucuri

      February 18, 2011

      I guess you didn’t read the article? 🙂 We said that the main site had an open wiki, but the others were indeed hacked.

      • Janke

        February 18, 2011

        http://www.ucalgary.ca/it/contact-us

        I’ll suggest that contacting them first & offering your assistance (for a fee) would be a better path to follow. It certainly would less likely to annoy a potential customer.

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.