On Saturday, August 27, 2022, a photo of an article promoting an adult website on the official website of the Public Procurement Authority (PPA) went viral on social media.
Dubawa Ghana’s research showed that at least seven different articles of that nature had been published on the website.
The articles have since been deleted, but below are insights from our findings and advice from experts on protecting websites from such unpleasant developments.
All the posts were meant to promote adult-oriented social networking services, including Adult Friend Finder.
The many grammatical errors in the meta description of the various articles when searched on Google suggest that the articles were written in bulk using an inexpensive AI copywriting tool.
We also found evidence that, around the same time the articles were published on the State agency’s website, similar articles promoting the same websites were appearing on other websites.
For instance, the Public Procurement and Disposal of Public Assets Authority of Uganda had similar publications on its website.
Although some of the articles have subsequently been pulled down, we accessed some of them that were still live, like this one.
Ghana’s Public Procurement Authority, in a statement, said its website had been “compromised by hackers” and that it was working to ensure that such an incident does not recur.
“The Authority continues to work with the relevant Cyber Security Agencies to ensure appropriate measures are put in place to prevent future cyber attacks on our official website and in the event it happens, it will be swiftly resolved,” it said.
Website hacking is the unauthorised access to or control over computer network security systems for some illicit purpose.
Apart from attempts to get access to company data, cybercriminals may hack a website in a way that ruins the organisation, like redirecting some critical web page links to adult websites or injecting the website with new articles with backlinks to adult websites, as was the case of the PPA website.
Statistics show that almost one out of every six WordPress-powered sites is vulnerable to attacks. More than half a million WordPress sites were compromised by attackers in 2021.
How does this happen?
Divine Puplampu, the technology lead for Accra-based web services provider Stimulus, told DUBAWA that, besides gaining access to and taking control of a website author’s account to make unwarranted posts, hackers may also take advantage of vulnerabilities that arise from the use of outdated themes and plugins.
“There are different levels at which this can happen. The account of an administrator can be hacked directly. Also, somebody may be able to inject some codes into the Structured Query Language (SQL) of the website, which gives them access to the website’s database and allows the person to make posts on your site. In such a case, you won’t see those articles in the posts section, but when someone opens the website, they’ll be able to see them [the posts]. There is also the case of outdated themes and plugins that can allow hackers access to make posts on the website because of the vulnerabilities they have,” he said.
Puplampu said a cursory assessment of the ppa.gov.gh website shows that the site is yet to be updated to the latest WordPress version, 6.0.1, and the minimum recommended PHP version, 7.4.
He advised that preventing such attacks in future will require that “the PHP, WordPress core, themes and plugins are updated to the latest version as the updates tackle security vulnerabilities.”
“I will advise administrators to ensure that they prevent people from getting access to the accounts by implementing two-factor authentication and also change their password periodically… Website owners must also employ technical and security maintenance engineers to police their websites to ensure that such things are detected and tackled soon enough. A simple Google reCAPTCHA system can also help prevent the situation where bots are used to hack websites,” he added. An extensive explanation of how to protect a website from hacking can be found here.
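As an added illustration of the detection step recommended above (this is not code from DUBAWA, Stimulus or the PPA), the following Python audit flags published posts whose author ID is missing from the users table or whose content links to hosts outside an allowlist. The tables are a simplified subset of WordPress's `wp_posts` and `wp_users`; the sample rows, `ALLOWED_HOSTS` and the two heuristics are assumptions constructed for this example.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: the only hosts this site is expected to link to.
ALLOWED_HOSTS = {"ppa.example", "www.ppa.example"}
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

def build_sample_db():
    """Constructed sample rows in a simplified wp_users / wp_posts layout."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);
        CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_author INTEGER,
            post_title TEXT, post_content TEXT, post_status TEXT, post_type TEXT);
        INSERT INTO wp_users VALUES (1, 'editor');
        INSERT INTO wp_posts VALUES
          (10, 1, 'Tender notice', '<a href="https://www.ppa.example/tenders">List</a>', 'publish', 'post'),
          (11, 1, 'Annual report', '<a href="/reports/2021.pdf">PDF</a>', 'publish', 'post'),
          (12, 1, 'Best dating apps', '<a href="https://promo.invalid/join">Join</a>', 'publish', 'post'),
          (13, 99, 'Meet singles', '<a href="http://promo.invalid/x">Go</a>', 'publish', 'post'),
          (14, 1, 'Draft', '<a href="https://promo.invalid/">x</a>', 'draft', 'post');
    """)
    return db

def external_hosts(html):
    """Hosts of absolute links in html that are not on the allowlist."""
    hosts = {(urlparse(u).hostname or "").lower() for u in HREF_RE.findall(html)}
    return hosts - ALLOWED_HOSTS - {""}

def audit_published_posts(db):
    """Flag published posts with an unknown author or off-allowlist links."""
    rows = db.execute("""
        SELECT p.ID, p.post_title, p.post_content, u.ID IS NULL AS orphan
        FROM wp_posts p LEFT JOIN wp_users u ON u.ID = p.post_author
        WHERE p.post_status = 'publish' AND p.post_type = 'post'
        ORDER BY p.ID""").fetchall()
    findings = []
    for post_id, title, content, orphan in rows:
        reasons = ["author not in wp_users"] if orphan else []
        hosts = external_hosts(content)
        if hosts:
            reasons.append("links to " + ", ".join(sorted(hosts)))
        if reasons:
            findings.append((post_id, title, reasons))
    return findings

if __name__ == "__main__":
    print(*audit_published_posts(build_sample_db()), sep="\n")
```

Because the query reads the database directly, it also covers rows that do not show up in the admin posts list; a flagged row is a prompt for manual review, not proof of compromise.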