The Latest in IT Security

Host4africa Mass Compromise

02 Aug 2011


We are seeing a lot of sites hosted at host4africa.com compromised with Blackhat Spam SEO. Most of them are in the .co.za TLD (at 74.53.0.0/16 and 74.54.0.0/16) and have hidden links to generic drugs (common Pharma Spam).

When you click on the links added to the compromised sites, you are redirected to a Pharma page, like this one:

The number of sites compromised is pretty large. Here are some we identified on one site:

As you can see, the spam is hidden in sub-directories for various types of sites (plain HTML, WordPress, Joomla, etc). It leads us to believe that this is a hosting compromise.
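For site owners checking their own server, the following is an added detection sketch (not from the original post) that flags access-log requests sharing the traits of the reported doorway URLs: a PHP script under a directory that normally holds static content, called with one short parameter and a one- or two-digit value. The directory set, function names, scoring threshold and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Directory names taken from the paths reported in the post: places that
# normally hold static assets, logs or tool metadata, not PHP entry points.
NON_APP_DIRS = {"images", "css", "logs", "media", "stylesheet", "_vti_cnf",
                "_private", "_notes", "plesk-stat", "picture_library", "uploads"}

# Combined-log request field: "GET /path?query HTTP/1.1" followed by the status.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def doorway_score(target):
    """Score a request target against the three traits of the reported URLs."""
    parts = urlsplit(target)
    segments = [s for s in parts.path.split("/") if s]
    if not segments or not segments[-1].lower().endswith(".php"):
        return 0
    score = 0
    # Trait 1: a PHP script living under a non-application directory.
    if any(seg.lower() in NON_APP_DIRS for seg in segments[:-1]):
        score += 1
    params = parse_qsl(parts.query, keep_blank_values=True)
    # Trait 2: exactly one query parameter with a short alphabetic name.
    if len(params) == 1 and re.fullmatch(r"[a-z]{2,4}", params[0][0]):
        score += 1
        # Trait 3: its value is a one- or two-digit number.
        if re.fullmatch(r"\d{1,2}", params[0][1]):
            score += 1
    return score

def find_doorways(log_lines, threshold=3):
    """Return sorted paths that were served (HTTP 200) and match all traits."""
    hits = set()
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and m.group(2) == "200" and doorway_score(m.group(1)) >= threshold:
            hits.add(urlsplit(m.group(1)).path)
    return sorted(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Aug/2011:10:01:02 +0200] "GET /images/uk.php?norx=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Aug/2011:10:01:09 +0200] "GET /_vti_cnf/uk.php?rf=13 HTTP/1.1" 200 4988',
    '198.51.100.4 - - [02/Aug/2011:10:02:11 +0200] "GET /index.php?page=2 HTTP/1.1" 200 9021',
    '198.51.100.4 - - [02/Aug/2011:10:02:40 +0200] "GET /images/logo.png HTTP/1.1" 200 1432',
    '198.51.100.9 - - [02/Aug/2011:10:03:05 +0200] "GET /css/protect.php?med=18 HTTP/1.1" 404 310',
]

if __name__ == "__main__":
    for path in find_doorways(SAMPLE_LOG):
        print("review:", path)
```

A hit is a lead for manual review of the file on disk, not proof of compromise; legitimate applications can match if they keep PHP under one of these directory names.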

Are you hosting here? Having any malware or spam issues? You can try our free scanner to test: http://sitecheck.sucuri.net.
