wp-codeTwo days ago FBI made an announcement informing website owners of a serious web-defacement spree perpetrated by the Islamic State of Iraq and al-Shams (ISIS). These web-defacement tactics start by exploiting vulnerabilities in a popular blogging platform, WordPress. It's not uncommon to find WordPress being used beyond just a blogging platform.

Many website owners in Mauritius run WordPress too, some of them poorly maintained or rather un-patched.

There are various ways for an attacker to know about vulnerabilities present on a website. Those start by knowing the server type, application version etc. Another way is by producing errors on the website. Error handling is a key to securing an application as it tends to show which "doors" of the application are currently unsecured.

Security on Mauritian websites

Recently, I've been scouring website-search in Mauritius and studying the way our local folks look at Cyber Security. I must admit, we're still struggling. Most websites in Mauritius are just designed, SEO improved and they're put online. Little time is spent with regards to security.

Two such examples are the Mauritius Institute of Professional Accountants and onlyrent.mu. By leaving their application error_log in a public directory, they have actually made it easier for attackers to make a reconnaissance prior to the attack.

mipa

Above taken from mipa.mu. A similar situation exists on onlyrent.mu.

A few days ago I wrote about how chili.mu could have been compromised. There was an attempt to clean the mess but sadly it's poorly done. Remnants of security-ugliness still lurk the webserver.