Do you see NSFW ads on government pages? Here’s why

0

Have You Stumbled On Inappropriate Ads On US Government Websites? You are not alone, but why are adult spam ads showing up on government websites?


Illustration of a spam website full of warnings and advertisements

Only United States-based government agencies and public sector organizations are eligible to receive a .gov domain, which is a sponsored top-level domain administered by the Cybersecurity and Infrastructure Security Agency.

Citizens turn to government websites for credible information on topics ranging from voting to stimulus checks, and it is reasonable to assume that the last thing one would expect on a government-affiliated website would be an NSFW advertisement ( not safe for work, explicitly) is for Viagra or a link to an adult video page.

But that is exactly what has been happening for over a year.

NSFW ads on government websites

As reported by Vice, NSFW ads and links have been spotted on 50 different government subdomains and will likely take a while to be removed.

A simple Google search reveals that a website affiliated with Sandpoint, Idaho, served ads for an alleged Robux generator (Robux is the in-game currency for the popular Roblox gaming platform).

Screenshot of Google search results showing a government website advertising Robux

Meanwhile, Vermont Attorney General TJ Donovan’s official website contained spam ads for alleged Fortnite skins and V-Bucks generators.

Google search shows that the Vermont AG website shows spam ads

Security vulnerability in laserfiche software

According to cybersecurity researcher Zach Edwards, who first discovered the problem, government and military sites are hosting NSFW content because of a vulnerability in the content management systems of software provider Laserfiche.

The company has contracts with several government agencies, including the Federal Bureau of Investigations (FBI).

The now patched vulnerability allowed third parties to transfer files to .gov sites without the website owner’s permission. In other words, black hat SEO specialists took advantage of this vulnerability to improve their own websites.

RELATED: 10 Reasons Cyber ​​Criminals Hacked Websites

“This vulnerability created phishing lures on .gov and .mil domains that would force visitors into malicious redirects and potentially target those victims with other exploits,” said Edwards Vice.

Edwards has been reporting this to affected .gov sites for months and has even detailed its results in a YouTube video which can be viewed below.

Laserfiche has released an update

In a blog post earlier this month Laser fiche has confirmed that the vulnerability is being used as an active exploit and has released a security update. In addition, Laserfiche has released a simple cleanup tool that affected customers can use to clean up their pages with NSFW content.

The fact that black hat SEO specialists successfully targeted government websites shows the importance of having adequate protection.

Updating content management systems, plugins, and scripts is a must for every webmaster. Security plugins are also a good investment, especially for those using WordPress.


WordPress security
6 WordPress plugins to keep your website safe from hackers

Blogging with WordPress? Chances are your website is under attack by hackers – use these WordPress plugins to keep it safe.

Continue reading


About the author


Source link

Leave A Reply

Your email address will not be published.