Illegal pharmaceutical ads infiltrate gov, edu sites (again)

Hundreds of thousands of webpages belonging to businesses, government agencies, and schools have been infiltrated by scammers pushing Viagra, Tadalafil, and other drugs. The towns of Birmingham and Horwich in the UK and Princeton University in the US are among those who have been hacked. Yahoo searches here, here, and here …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    Won't the good townspeople of Birmingham

    Be pleased that the UK's 2nd city has now been demoted to a town

    Off to catch the 51 to Walsall maybe that's now a city

  2. FRLinux
    Pirate

    abuse

    Sadly, I am really starting to wonder what abuse reports affect people in charge. Most of the time (been doing that for 10 years now), you just never get a reply.

  3. Anonymous Coward
    Stop

    So what about firewalls

    Seems the author believes FTP passwords might be to blame.

    This is shocking on two fronts: firstly, the password must have been so weak that it was cracked before anybody spotted the event logs with thousands of password attempts in them. Secondly, FTP was publicly open. The latter is, I hear, very common. Why don't these people use even the simplest of firewalls? Come on, IPTABLES and limiting the application to specific IPs has massive protection without any cost and maybe 2-3 hours of reading the manual and experimenting on an old PC. This is really basic security and so many establishments seem to constantly fall to this method of infiltration.

    I know some webhosting companies allow access from all sorts of IPs and without firewalling, but this is completely unnecessary, they need to insist their customers have a static IP. How many Webdesigners can't afford a couple of bucks extra a month for a static IP (You seen the prices the webbies charge!).

    I personally dislike FTP and don't have it installed, but for other required apps, a simple IPTABLES firewall keeps nosy Joe from even a single entry in my security logs.

    As for emergency access, the 3G connection is invaluable when out on the road, but this is simple by using an account without any privs, and the machine does nothing but allow SSH, and no password being set (ssh passphrases instead). This makes the cracker's job somewhat difficult, and not to mention the machine regularly gets hosed thanks to a read-only USB install (one of those USB disks with a physical ro/rw switch).

  4. Anonymous Coward
    Anonymous Coward

    I need a title now? Okay... I think "Lord" would do nicely.

    I live in Horwich and I am shocked... SHOCKED I say! to find out we have a website... O.o

    When did that happen?

  5. Kerberos

    Morons

    It's the idiots that actually buy from these scammers that are largely to blame. If people stopped responding to spam and other such crap then it would go away.

  6. Col

    Shoot the messenger

    Who's serving up these ads? Line them up and shoot them. Or fine them or something, whatever's easier.

  7. John Savard

    I May Have Seen One

    There was a text ad for a casino at the top of one of the pages of a web site on the history of playing cards I visited earlier today, and yet the other pages of that site had no ads.

    This was in the middle of their course on the history of playing cards; I believe it was a British site at that.

  8. Kanhef

    re: what about firewalls

    Doesn't matter how many attempts it took if no one is actively monitoring the logs. Even an automated log parser/blocker like DenyHosts or Fail2ban is of limited use if a large botnet is trying to brute-force a password.
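
An added example, not part of the thread: it shows the limit on per-IP blockers described in the comment above, using a constructed log. The log format, account names, addresses and thresholds are all assumptions. Per-source counting (the Fail2ban-style rule) catches a single noisy host but misses a distributed attempt, which only shows up when failures are counted per targeted account.

```python
import re
from collections import Counter

# Constructed log format (an assumption, not any real FTP daemon's format):
#   <timestamp> OK|FAIL LOGIN user=<name> client=<ip>
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) LOGIN user=(\S+) client=(\S+)$")


def build_sample_log():
    """Constructed sample: 40 hosts each try 'webmaster' once, one host
    hammers 'admin' 12 times, and there is one legitimate login."""
    lines = []
    for i in range(40):
        lines.append(
            f"2010-01-01T03:{i:02d}:00 FAIL LOGIN user=webmaster client=203.0.113.{i + 1}"
        )
    for i in range(12):
        lines.append(
            f"2010-01-01T04:{i:02d}:00 FAIL LOGIN user=admin client=198.51.100.7"
        )
    lines.append("2010-01-01T09:00:00 OK LOGIN user=webmaster client=192.0.2.10")
    return lines


def analyse(lines, per_ip_limit=5, per_user_limit=20):
    """Return (ips a per-IP rule would block, {account: distinct sources})
    for accounts whose total failures exceed per_user_limit."""
    fails_by_ip = Counter()
    fails_by_user = Counter()
    sources_by_user = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) != "FAIL":
            continue  # skip successes and unparseable lines
        user, ip = m.group(3), m.group(4)
        fails_by_ip[ip] += 1
        fails_by_user[user] += 1
        sources_by_user.setdefault(user, set()).add(ip)
    blocked_ips = sorted(ip for ip, n in fails_by_ip.items() if n > per_ip_limit)
    targeted = {
        user: len(sources_by_user[user])
        for user, n in fails_by_user.items()
        if n > per_user_limit
    }
    return blocked_ips, targeted


if __name__ == "__main__":
    blocked, targeted = analyse(build_sample_log())
    print("per-IP rule blocks:", blocked)
    print("accounts under distributed guessing:", targeted)
```
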

  9. Lupus

    There are some problems with your comment: * A title is required.

    Town...

    Birmingham...

    Well, why not. If London had its own way it would be so.

    Also I blame Manchester.

  10. Chris Miller
    Unhappy

    @Kerberos

    "It's the idiots that actually buy from these scammers that are largely to blame."

    Indeed. The trouble is that it only takes a response rate of 0.01% or so to make the spam (highly) profitable. If you know of a human society where the moron rate is << 0.01% (or < 1% for that matter), I'd love to relocate there.

  11. Dennis
    Paris Hilton

    A Prize if you can find the Phorm Angle

    Wouldn't it be interesting if all this advertising could be linked to Phorm in some way. It wouldn't take much. Point a few BBC journalists to these sites. Oh dear it looks like you have been surfing for Viagra on your computer. You haven't well......... Phorm says you have! Look here is the targeted advertising based on your previous surfing habits.

    A little untruth.... but let's face it Phorm is too complicated to explain to all the IT savvy users never mind the BBC. So where's the harm.

    Paris - Because she doesn't need any enhancements to performance

  12. Anonymous Coward
    Paris Hilton

    Considering the number

    Of illegals working at North London councils, surprised they don't host 419 scam sites too,

    It's the numbers game tho, 1% response for £0 outlay is still a profit of 100% per sale,

    and I never met many males who wouldn't like a bigger penis either....or females for that matter.

    Paris, cos I'd love to try her "vacuum enlargement" programme
