Monday, April 5, 2010

Another Thai website spreading malware

Warning screen for amphoe.com last year
Since at least last Thursday, ThaiTambon.com has joined the club of high-profile Thai websites which have been hacked through well-known security holes and converted into malware-spreading sites. Anyone using Firefox now gets a big red warning screen saying that accessing the site is not recommended. Google hits also carry a warning line under the link now, and no longer lead directly to the infected site.

For ThaiTambon it is really a loss. Though the main focus of the site is the promotion of the OTOP (One Tambon One Product) products, it also contains information on all of the 7255 subdistricts, albeit of varying quality: sometimes just the neighboring subdistricts, sometimes a full history and a list of all the villages. Though it can thus hardly be used as the sole source, it is often a valuable tool for researching local histories, so it would be a loss if the webmaster doesn't fix the problem soon.

Other websites in this hall of shame, all of which have been in this club for several weeks or months already, are the Thai senate, the upper house of the parliament, as well as the Royal Institute, the caretaker of the Thai language. But failing to use the latest version of the content management system isn't the largest problem of the webmaster at Thaitambon. Worse, any attempt to contact them is doomed because they failed to keep their mail server running. And I am sure this email is supposed to work, as the archived version of the site from 2008 showed it.
Delivery to the following recipient failed permanently:

webmaster@thaitambon.com

Technical details of permanent failure:
The recipient server did not accept our requests to connect.
[mail.thaitambon.com. (5): Connection refused]


Update: As of April 8 the warning in Google has disappeared, so apparently the webmaster has cleaned the site now.

9 comments:

john francis lee said...

Microsoft software?

Andy said...

Probably not - most common is an old version of the content management system like Joomla, where it had holes for techniques like SQL injection. Any decent webmaster has to keep the CMS up to date, since there are already toolkits which do all the work of installing the malware links automatically.

Born2Serf said...

I noticed Google Search started reporting this site as hazardous about a week back. Pity! I was finding some of the site's tambon maps quite useful.

Mike said...

Andy, I find this frequently happening here. Is it just poor website management? Even the main Immigration site was infected a while back......have they not heard of decent anti-virus and firewalls?

BTW I'm heading South to Tang Sai today so will check out the temple with the Hong outside.

PS- thank you again for the link I see WTT now has a PR 3-not bad in two months!

Andy said...

It is the same as Windows users not installing the security updates provided by Microsoft - sooner or later one of the bots will infect your machine. Only webmasters have to install the updates manually, so it seems most are simply too lazy or don't understand the reason for the continuous updates. It is also a matter of cost - either you go to a web hosting company who (hopefully) will do this for you and you only need to care about keeping the content up to date, or you try to save this money and set up everything yourself, and once running think you're done - but that's wrong, if hosting yourself you have to monitor and upgrade the site continuously. So the money you save you have to pay by your own work.

Born2Serf said...

Thanks for the update!

Pattaya Girls said...

the blue text on a brown background is unreadable on my laptop, any chance u could change your colour scheme ?

Andy said...

It only shows "blue text on a brown background" shortly while loading, maybe for whatever reason the background image which makes the main part of the blog yellow does not load? It is mostly a standard template provided by blogger, so you should have similar problems with other blogs using the same layout.

Born2Serf said...

I'm experiencing similar problems with PG's choice of a purple foreground on a pink background. ;-)