Do you see NSFW ads on government pages? Here’s why
[ad_1]
Have You Stumbled On Inappropriate Ads On US Government Websites? You are not alone, but why are adult spam ads showing up on government websites?
Only United States-based government agencies and public sector organizations are eligible to receive a .gov domain, which is a sponsored top-level domain administered by the Cybersecurity and Infrastructure Security Agency.
Citizens turn to government websites for credible information on topics ranging from voting to stimulus checks, and it is reasonable to assume that the last thing one would expect on a government-affiliated website would be an NSFW advertisement ( not safe for work, explicitly) is for Viagra or a link to an adult video page.
But that is exactly what has been happening for over a year.
NSFW ads on government websites
As reported by Vice, NSFW ads and links have been spotted on 50 different government subdomains and will likely take a while to be removed.
A simple Google search reveals that a website affiliated with Sandpoint, Idaho, served ads for an alleged Robux generator (Robux is the in-game currency for the popular Roblox gaming platform).
Meanwhile, Vermont Attorney General TJ Donovan’s official website contained spam ads for alleged Fortnite skins and V-Bucks generators.
Security vulnerability in laserfiche software
According to cybersecurity researcher Zach Edwards, who first discovered the problem, government and military sites are hosting NSFW content because of a vulnerability in the content management systems of software provider Laserfiche.
The company has contracts with several government agencies, including the Federal Bureau of Investigations (FBI).
The now patched vulnerability allowed third parties to transfer files to .gov sites without the website owner’s permission. In other words, black hat SEO specialists took advantage of this vulnerability to improve their own websites.
“This vulnerability created phishing lures on .gov and .mil domains that would force visitors into malicious redirects and potentially target those victims with other exploits,” said Edwards Vice.
Edwards has been reporting this to affected .gov sites for months and has even detailed its results in a YouTube video which can be viewed below.
Laserfiche has released an update
In a blog post earlier this month Laser fiche has confirmed that the vulnerability is being used as an active exploit and has released a security update. In addition, Laserfiche has released a simple cleanup tool that affected customers can use to clean up their pages with NSFW content.
The fact that black hat SEO specialists successfully targeted government websites shows the importance of having adequate protection.
Updating content management systems, plugins, and scripts is a must for every webmaster. Security plugins are also a good investment, especially for those using WordPress.
Continue reading
About the author
[ad_2]