Earlier this week a PayPal phishing email dropped into one of my work inboxes. I usually delete them instantly, but I checked out the compromised URL -- and surprise surprise, it was a UK domain. "OK," I thought, "I can do something about this."
Little did I know that the problem - a hacked subdomain hosting PHP redirector files that point to HTML pages on other compromised domains, and a fairly simple one to fix in five minutes - still wouldn't be fixed by the web site owner a week later...
The compromised subdomain, blocked.netscreener.co.uk, sat alongside a holding page on the root domain with Etico Solutions' logo and contact details emblazoned across it. (Etico appear to have phoenixed from the old defunct broadband provider Aspire Internet.)
I rang the Etico number and spoke to someone who appeared concerned; I also forwarded the contents of the original email showing the link to the compromised subdomain. However, despite a couple of follow-up emails and the problem being assigned to someone (and receiving update tickets from the Etico Help Desk), the ticket was marked as 'resolved' on Thursday afternoon even though nothing's been done at all!
I find this incredibly frustrating; Etico just seem completely unwilling (or unable?!) to fix the problem. This is a registered UK limited company who above all else have the responsibility to secure their domain to prevent further compromising of users, protect their brand reputation and remove themselves from the possibility of being complicit in identity theft and potentially in breach of the Computer Misuse Act.
The irony of the hacked subdomain being "blocked.netscreener.co.uk" is that I think the netscreener.co.uk domain is used as part of their "Cleanweb" server-side filtered Internet solution for home and business customers. Doesn't really inspire much hope, does it?
If anyone else wants to laugh at the incompetence, the hacked PHP files are still available at http://blocked.netscreener.co.uk (use Rex Swain's excellent HTTP Viewer tool to see the contents of the files without risking compromising your own computer).