Monday, June 8, 2009

Websites left unattended

Just few weeks ago my computer was infected with the Gumblar troyan, which I only noticed because it led me to strange website when clicking a link returned from a Google search. And that even though I use FireFox and has a virus scanner running, and that one even failed to removed it, which I finally could do by fixing the registry manually. Why do I mention it here - because I am very sure it must have been one of the TAO websites I had been checking out recently.

While I don't know which of the websites was the culprit, in Google search results relatively often on sees warning lines saying "This site may harm your computer", like in the (somewhat doctored) screenshot above. In that case, the website of TAO Yuan (หย่วน), Chiang Kham district, Phayao province is compromised, and will probably try to install malware. While this can happen quite easy as always new security holes show up, I have the impression that Thai websites are quite often affected. amphoe.com was compromised twice already, just right now even the website of the Thai cabinet is installing malware.

But since I mostly check TAO and municipality websites I rather often notice this warning in Google. Adding the non-responsiveness of the email addresses at these websites, and even partially broken websites with 404 internal links, it seems to me like many of these websites are set up once by a contracted web company and then never taken care anymore - thus noone ever notices if anything gets wrong. And even clearer sign in this direction are the forums quite often present in such websites, for example the one of Huai Phai (ห้วยไผ่) in Mueang Ratchaburi district which only contains topics like "asian teen lesbian group sex" or "teen sex boy chat page". I doubt of the 6500 citizen there'll ever be enough online to have a real forum discussion going there, but probably the forum was part of the standard web package so they just added it.

Or like several TAO websites hosted by ob.tc which all only show an error message, for example Takhian (ตะเคียน), Dan Khun Thot district, Nakhon Ratchasima.

And while I am in rant mode I should also mention that Thai websites seem to change their domain name every two years, maybe because they simply forget to renew the name registration and once they notice it is already in the hand of a domain grabber. The PAO of Surat Thani was previously at www.suratpao.com and www.suratpao.org, and now they are at the (actually much more fitting) domain name suratpao.go.th.

Given all the broken websites, it is a good thing that Si Sunthon (ศรีสุนทร) on Phuket has some redundancy - they have two websites in different designs online at the same time, one at phuketsrisunthon.org and one at srisunthon.go.th.

3 comments:

Catherine said...

The old fashioned forums are often a way in for those wanting to do harm to a site.

And I believe that once in, it is possible to do damage to other sites parked on the server.

If the sites are turned in, the hosting company can also get into trouble for hosting a site that is spreading a virus around the internet.

I know because a client's site of mine had problems several times. Nothing was wrong with the site (I spent weeks fixing it), it was the forgotten forum that enabled the culprets to get in.

The whole experience was similar to coming down with lice. Nasty.

Richard Barrow said...

I have to agree with you about websites infected by viruses. During my web surfing, this happens at Thai government websites for the majority of the time. Quite often my browser (Firefox) strongly advises me not to continue opening a page. Several government websites in Samut Prakan are like this. I presume they don't have virus scanners so are unaware of this problem.

Mike said...

Andy i have had one or two warnings about this virus. But thanks for the heads up.

Thai web sites do indeed seem to harbour some nasties I cringe whenever my partner searches using Thai sites since she loves to click on links despite my dire warnings.

Fortunately so far Kasperski seems to deal with everything but I am certainly not complacent.

BTW my info suggests that IE is vulnerable on this one and FF is safer. Also there are vulnerabilities in Adobe reader and flash player.