
Most of the websites are 'designed' using freely downloaded templates. IPS and IDS may not catch all malicious scripts. Even GoDaddy had a 'silent' incident where they assisted more than 400 clients to fix their websites. The techies must learn to develop safe templates or just subscribe to a reliable service... e.g. rockettheme.com or joomlart. You may have a look at http://blog.sucuri.net/2013/08/joomla-hacks-part-i-phishing.html. Most IPS/IDS also raise many false positives... so a human error on the part of the sys admin can also be possible. But all in all... the techies must style up!
On Mon, Aug 19, 2013 at 5:18 PM, motobaridi <motobaridi@gmail.com> wrote:
Seeking enlightenment: is there a gov department responsible for these "e-projects" or is every parastatal, ministry etc free to roll with the lowest bidder? That aside, looking at the preference for Joomla by .go.ke "devs", and with the counties now all currently seeking web devs for their websites, it's only a matter of time before we have another spate of hacked .go.ke sites. I predict 7/10 will be Joomla [?].
Rinse. Repeat.
//MB
On Mon, Aug 19, 2013 at 5:00 PM, Evans Marindany <prosnave@gmail.com> wrote:
The CMS sites are the main target; especially those using themes/templates from untrusted sources as they have vulnerabilities that designers seem not to be aware of. Notice; imethawasco.co.ke/ is built on WordPress while http://www.identity.go.ke/ uses Joomla. The price people pay for easy cash using CMSs.
On Mon, Aug 19, 2013 at 4:42 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Nice one. So Safaricom cannot afford a digital certificate and uses self-signed? In that case I wonder if they can afford an IDS/IPS system for lazy clients.
I rest my case now. I don't care about whose website went anyway.
On 19 August 2013 15:20, Paul Kevin <paultified@gmail.com> wrote:
Safaricom hosting is cPanel via https with a self-signed signature, e.g. https://cpanel02.safaricombusiness.co.ke:2083/
On Mon, Aug 19, 2013 at 3:08 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
+1 @M.G
On 19 August 2013 15:05, Moses M.G <mouzmuyer@gmail.com> wrote:
If you spill tea on your white carpet, is it the landlord's fault... you know, coz he rented you the house? I guess not! If some websites are running securely on Safaricom hosting, doesn't that mean some people have not secured theirs hence the hacking? Whatever happened to being a man (or woman) and owning up to one's mistakes!
On 19 August 2013 14:56, Antony Kimani <kimanianthoni@gmail.com> wrote:
> +1 & RT @Kivuva
>
> On Mon, Aug 19, 2013 at 2:50 PM, Kivuva <Kivuva@transworldafrica.com> wrote:
>
>> Actually, the host is to blame more than the client. The host should have tools to monitor all kinds of activities, scripts, etc. on their servers and take proactive measures. Hacking will still be there, but the prevalence can drop up to 90%.
>>
>> International hosting companies do this, why should we be measured by a lower metric?
>>
>> Regards
>>
>> ______________________
>> Mwendwa Kivuva
>> twitter.com/lordmwesh
>> google ID | Skype ID: lordmwesh
>>
>> On 19 August 2013 14:33, Antony Kimani <kimanianthoni@gmail.com> wrote:
>>
>>> both, when you have an accident by a matatu, we not only blame the drunk driver, we also blame the owner for employing him, plus the government for being passed by corruptly by the drunk driver..
>>>
>>> :)
>>>
>>> Antony...
>>>
>>> On Mon, Aug 19, 2013 at 2:14 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
>>>
>>>> Wait a moment! Is it Safaricom's duty to ensure that the configuration of all websites (httpd.conf/nginx.conf/my.cnf/etc) hosted by them is secure?
>>>> So some folks at Safaricom have to sit down with the hosted entities and run an audit of the websites, or Safaricom have a software frontend that ensures all this happens automagically??
>>>>
>>>> Someone please tell me who needs to take the blame? Is it Safaricom or the techie cobbling up together the website?
>>>>
>>>> On 19 August 2013 13:03, Paul Kevin <paultified@gmail.com> wrote:
>>>>
>>>>> Are these hosted by safcom? If yes, why do people still host there. It's like being sold for water instead of petrol and still going to the petrol station
>>>>>
>>>>> On Mon, Aug 19, 2013 at 12:34 PM, motobaridi <motobaridi@gmail.com> wrote:
>>>>>
>>>>>> Once managed to get to the homepage (after countless timeouts) sometime in June, but all links from there were dead.
>>>>>> [?]
>>>>>>
>>>>>> On Mon, Aug 19, 2013 at 12:27 PM, Tony Likhanga <tlikhanga@gmail.com> wrote:
>>>>>>
>>>>>>> Talking of http://www.identity.go.ke/
>>>>>>> Has anyone had any success in accessing the site in the recent past? I've had no joy since February this year [?]
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> skunkworks mailing list
>>>>>>> skunkworks@lists.my.co.ke
>>>>>>> ------------
>>>>>>> List info, subscribe/unsubscribe
>>>>>>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>>>>>>> ------------
>>>>>>>
>>>>>>> Skunkworks Rules
>>>>>>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>>>>>>> ------------
>>>>>>> Other services @ http://my.co.ke
>>>>>>
>>>>>> --
>>>>>> //defenestration (diːˌfɛnɪˈstreɪʃən): the act of throwing someone out of a window
>>>>>> //darwin spins in his grave "why is that fcuk still alive?"
>>>>
>>>> --
>>>> Best regards,
>>>> Odhiambo WASHINGTON,
>>>> Nairobi,KE
>>>> +254733744121/+254722743223
>>>> "I can't hear you -- I'm using the scrambler."
-- Kind Regards,
Moses M.G.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
-- MARINDANY EVANS L.
-- //defenestration (diːˌfɛnɪˈstreɪʃən): the act of throwing someone out of a window