Wed. Nov 27th, 2024
Why Do Some Government Sites Redirect to Gambling Sites?
PH Government Websites

As we all know, most of us search for PH government websites from time to time. For example, suppose you use Google to look for information on a Gov.PH site. The Google search results could come back with links like these.

You would be correct in assuming that it is secure given that the website in question is a government website and the results come from Google. So, you click on the link, but it takes you to a sketchy site where you can gamble.

I tried it, and it is true! Let us all take a look at the photo below.

PH Government Websites

There are more

So How Did These All Start?

Eskie Maquilang, a penetration testing engineer at KPMG, first found this shocking method. 

Note: He did this alone to help friends he knew.

Eskie saw that hackers were causing a lot of 403 errors (which means “forbidden”) on servers that were being watched. These URLs (uniform resource locators) caught his eye.

Now, why would hackers look for these files in particular? Eskie thinks the hackers check to see if these files are on your web server. If these files are on YOUR server(s), it has already been broken into.

In that case, hackers have already put the files on the site using weak plugins. Once the files are on your web server, Google spiders or bots will find them and add them to their index. Once a file is in the index, Google will “serve” it to anyone whose search matches it.

How Do These Government Websites Redirect to Gambling?

These files, uploaded without permission, contain code that sends people to the hackers’ favorite sites. The code also checks the referrer, that is, the link that led to the page. This check ensures that the redirect only works if the visitor comes from Google.com or Bing.com. It doesn’t work with DuckDuckGo (one point for DDG!). Even if you type the URL in directly, the redirect to the gambling site won’t work.
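A site owner can use this behaviour to confirm a suspect page: request it with and without a search-engine referrer and compare where each request is sent. The script below is an added example, not code from the article or from Eskie; it assumes the redirect is an HTTP `Location` redirect (a JavaScript or meta-refresh redirect would not show up), and the `agency.example` and `casino.example` hosts are constructed placeholders.

```python
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Referrers the article says trigger the redirect; a direct visit sends none.
SEARCH_REFERERS = ["https://www.google.com/", "https://www.bing.com/"]

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: urllib then raises HTTPError for the 3xx

def http_fetch(url, referer=None):
    """Return (status, Location header or None) without following redirects."""
    headers = {"Referer": referer} if referer else {}
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        return err.code, err.headers.get("Location")

def is_offsite(url, location):
    """True when Location names a different host than the page itself."""
    host = urlparse(location or "").hostname
    return host is not None and host != urlparse(url).hostname

def check_referrer_cloaking(url, fetch=http_fetch):
    """List referrers that get an off-site redirect a direct visit does not."""
    _, direct_location = fetch(url, None)
    findings = []
    for referer in SEARCH_REFERERS:
        status, location = fetch(url, referer)
        if is_offsite(url, location) and location != direct_location:
            findings.append({"referer": referer, "status": status, "location": location})
    return findings

def constructed_fetch(url, referer=None):
    """Constructed stand-in for a compromised page, so the example runs offline."""
    if referer and "google." in referer:
        return 302, "https://casino.example/"
    return 200, None

if __name__ == "__main__":
    # With a URL argument, check your own site; without one, use the constructed stub.
    if len(sys.argv) > 1:
        print(check_referrer_cloaking(sys.argv[1]))
    else:
        print(check_referrer_cloaking("https://agency.example/page.php", constructed_fetch))
```

An empty list means the page answered the same way with and without a search-engine referrer; any entry names the referrer that was redirected off-site and where it was sent.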

Is This Dangerous?

Imagine that hackers decided to send people to FAKE PH government websites or banking sites instead of the real ones. Users in the PH could be tricked into giving out personal information or clicking on links just because the link is from a trusted source, like .gov.ph. Once you click on a link that has malware and it gets installed, you are well on your way to getting ransomware.

So you can see how much damage these methods could do if the hackers kept going. Quite scary if you ask me.

Tactic Motivation

Eskie thinks that this is a “black hat” SEO (Search Engine Optimization) technique for now. With this, the gambling websites in question appear on the first page of the results provided by Google Search. That is because, as we all know, links from “Gov.ph” sites are better. As I mentioned earlier, most of us search for PH government websites from time to time.

What is Black hat SEO?

These are practices or methods used to change search engine rankings in ways that are against the terms of service of the search engines. It is a type of spam, and search engines (supposedly) don’t let you do it.

How to fix this?

Use Google’s “dork techniques” to find out if your website shows up in the search results for links like these. Find those files and delete them if your site comes up. 

If you want to take legal action, you should take a screenshot of the file with the date and time it was made. You might want to let the DICT Cybercrime division know about this. This can help keep other people from falling for the same trick.

Next, you have to close the “hole” or weakness that lets the files get there in the first place. You can fix this file upload vulnerability in WordPress.

Last, please turn on your WAF (Web Application Firewall). A WAF automatically inspects web requests and blocks those that are likely to be attacks on your web server.


By Xplayer