Uncategorized

Nagios Community Site Hacked

We just detected (via our scanner) that the Nagios community site (community.nagios.org) has been hacked and is redirecting to a Viagra site. The results vary depending on the page request.

If you try to visit any page and add a “order=X” in the query you will be redirected. Example:

$ lynx –head –dump http://community.nagios.org/?order=1
HTTP/1.1 302 Found
Date: Tue, 13 Jul 2010 02:54:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Location: http://the pharmacy discount.com/item.php?id=1095&said=m111

See the 302 redirection to “pharmacy discount.com” site? Google already started to index some of the pages:

It looks like a .htaccess redirection, but it might be something else. They are using an old version of WordPress, which may explain the compromise. We recommend people stay way from the site until it gets fixed.

David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Related Tags

2 comments

@whalesalad says:
July 13, 2010 at 3:55 am
Didn't know you could use Lynx to grab headers 🙂 You can also do this:
curl -i blah.com
😀
Pingback: Hack : community.nagios.org redirige vers un site de viagra | Gregoire Penverne

Comments are closed.

2020 Website Security Glossary

Art Martori
March 16, 2020

As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone,…

Read the Post

Evaluating Cookies to Hide Backdoors

Luke Leal
January 7, 2021

Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often…

Read the Post

WordPress Security

Massive 1800ForBail WordPress Hacks

Denis Sinegubko
June 28, 2019

Sucuri malware analyst Kaushal Bhavsar recently brought our attention to a massive campaign responsible for adding either “1800ForBail” or “1800ForBail – One+Number” keywords to the…

Read the Post

New Guide on How to Implement HTTPS / SSL Certificate

Alycia Mitchell
September 11, 2017

HTTPS is a hot topic among online marketers and SEO professionals who understand the future of the web needs to be more secure. Not just…

Read the Post

Security Education

Ask Sucuri: How Modern Web Phishing Works

Peter Gramantik
August 30, 2016

Most of us have experienced some kind of phishing attempt in our online lives, and we have seen phishing grow in complexity. Usually, we notice…

Read the Post

Skimmers and Phishing

Denis Sinegubko
August 14, 2019

Recently, we shared a post about a network of domains used in a JavaScript credit card stealing malware campaign. These domains are all hosted on…

Read the Post

Leveraging Stored Procedures for Nefarious Purposes

Bruno Zanelato
June 19, 2019

Here at Sucuri, we clean thousands of websites on a daily basis, and while some of them are easy to solve, others may require more…

Read the Post

Hosting page templates causing your website ad campaign to be blocked

Cesar Anjos
May 22, 2019

It’s quite common that hosting providers have templates set for pages like 40x and 50x error pages but it’s uncommon for those templates to have…

Read the Post

Hardening WordPress on Apache, Nginx, or IIS

Alycia Mitchell
July 23, 2018

Server configuration files allow administrators to restrict access and make changes at the server level. Depending on the server software you use, there are different…

Read the Post

Website Security

Why You Should Care about Website Security on Your Small Site

Krasimir Konov
June 21, 2018

Most people assume that if their website has been compromised, there must have been an attacker evaluating their site and looking for a specific vulnerability…

Read the Post

Related Tags

2 comments

Related Categories

You May Also Like