Attack casts shadow over school

By RICHARD WOOD

Hackers defaced the website of Taumarunui High School on Monday and declared their "ownership" of the site. The principal was not amused.

The school prides itself on being a leader in the use and teaching of information technology.

But an international hacker group called Shadow Boys draped the school's front page with a big black square, declaring "Shadow Boys Ownz You" and listing their graffiti-style nicknames.

The group has been busy this week hacking into websites around the world that are based on an open source content management system called PHP-Nuke, which is written in the PHP programming language.

There appears to be no particular reason the Taumarunui school was targeted, other than that its site was hackable.

Shadow Boys have been busy defacing their way around the web and are ranking 18th on Delta5, a site that monitors defacements.

Besides the defacement, they have also run rampant in discussion groups on the affected sites.

Taumarunui High School principal Peter Gould described the defacement as a "bit of inconvenience" and said it would lead the school to improve its security.

"We'll take the security up another level with an encrypted password file. It is ultimately beneficial," he said.

The school has had its own website for three years and began using PHP-Nuke 14 months ago on a Windows server.

He said the school would continue to use PHP-Nuke in the short term but would investigate other options.

Its problem appears to arise through a known vulnerability in a configuration file called config.php.

In these types of attacks, once hackers get the administrator's password they can change it and block the legitimate owner's access.

Only the service hosting the website can then regain control.

Gould said this was the first time the school had been hacked. Unfortunately the day it was hit the two teachers and two technicians who could have fixed it were away.

Gould wasn't perturbed, and didn't think any data had been corrupted. The first solution was to replace the site from a backup.

"The timing is never convenient, I suppose. We'll get the thing up and running and outwit them for another three years".

But some students had been annoyed by the attack, he said.

"Most of our kids are responsible with their IT use".

Jonathan Sim, PHP expert and programmer at web development firm Zeald, said PHP-Nuke had a lot of vulnerabilities and it was important to keep up with the security patches and make frequent backups.

It was easy to use and economical and "it is not necessarily less secure than any other".

But "if you are on the web you are open to hacking, and with security vulnerabilities the hackers find them first".

Sim said hackers were like street gangs, running around and breaking things.

Susan Blass, systems architect for the IT security alert service E-secure-IT, said vulnerabilities occurred at all levels, from the programming language through the content management system program to issues in how it was implemented.

She said plenty of information was available on the web to help people secure their sites.

Backups should be made in proportion to the frequency of site updates and the importance of the material.

An e-commerce site doing transactions was different to a static information site, and the importance of retaining content in a community forum needed to be assessed.

Blass said often the damage with defacement was mostly embarrassment, but there could be concerns about what else might have been done such as embedding "back doors" for later use by the hackers.

Although they advertise email addresses on their defacements, Shadow Boys did not respond to Herald questions.

Taumarunui High

PHP-Nuke

Delta5

E-Secure-IT