Hacked university sites

Lately I’ve been getting quite a few blog spam comments that try to insert links to hacked university web sites. One of the hacked systems was even loading and displaying porn photos on their forum software, ouch. All the systems seem to have suffered from SQL injection vulnerabilities in forum and calendar software.

I’m now trying to pay attention to where the spam links are pointing when I review the spam bucket. When I see a .edu domain I make the effort to e-mail the university web master to let them know they have been hacked. So far the sites I’ve reported have all been repaired and I’ve gotten a couple of thank you replies in return.

I’d like to suggest that all the blog owners out there try to keep an eye out for hacked .edu domains showing up in their spam bucket. Then let the university know so that they can get it fixed before they get into trouble.