Thirteen schools had their websites defaced on 20th November. All of them have been restored today, although only just so. When I checked last night, three schools still had their homepage spewing Joomla SQL errors, and another one just displayed a blank page. 48 hours was insufficient to restore their websites.
All thirteen sites were hosted on the same server. So, basically, I’m guessing the attacker obtained shell access on the server, perhaps even with root privileges, and did the damage to all thirteen websites in one fell swoop.
While looking through the various schools’ websites, I discovered an interesting trend. Many of them run Joomla. There are others, like one on SharePoint and another using Dreamweaver, but Joomla seems to be the most common. What else? Several of those Joomla websites are using a rather old version of Joomla, version 1.5.
Let’s see, according to this Wikipedia Joomla entry, version 1.5 has been unsupported since 1 December 2012. That’s just a couple of days shy of one whole year ago! A very long time indeed!
In my own experience, I’ve seen many Joomla user sites getting defaced. It’s become one of the reasons why I avoid Joomla myself.
Whatever the reason, this incident seems to tell us that some of our schools are ill-prepared to defend their online presence. I understand IT is unlikely to be a core function in most schools, and they may not possess adequate IT security capabilities. But we’re talking about simply putting back a webpage. Even a “website maintenance” page would do; a leaked MOE memo apparently indicates that this is part of their webpage defacement response plan.
Just for the record, as of last night, the following three schools were still displaying Joomla SQL errors:
This one had just a blank page:
The other nine schools that had their websites defaced were:
- Canberra Primary School
- Compassvale Primary School
- Greendale Primary School
- South View Primary School
- West View Primary School
- Woodlands Ring Primary School
- Henderson Secondary School
- Raffles Girls’ School
- St Gabriel’s Secondary School
Many of these schools don’t really have their own technical capability and expertise to run their own websites. I imagine this is where the Ministry of Education should step in and offer common shared services to support the schools. What kind of support or help is the ministry providing to the schools?