Natural England: former EN website was hacked
- Trespassers won’t be prosecuted: do you have a right of access to the beach? - 25th March, 2024
- Why do boomers like minions? - 6th November, 2022
- Are you a true Isle of Wight local? - 30th October, 2022
Naturenet reported on 7 April about the problems with the former English Nature website. A fortnight later and it’s still broken – so what’s the story? Chris Moos, Natural England’s Online Communications Manager spoke exclusively to The Virtual Ranger about the problem. Chris explained:
The reason that the site has been taken down is that it was subject to a hacking attack. The hacker inserted a number of viruses onto the server which have caused us a lot of problems. We need to move the hosting environment to something more secure and this will take a bit more time. In the meantime if you or others require access to any of the content or services delivered by this website then please direct requests to our enquiries team enquiries@naturalengland.org.uk
So, no end in site, but a helpful offer of information. Not quite as quick as Google but it’s a start. However, hacking? Is it a credible response? ‘A hacker hacked my site‘ is actually a pretty poor excuse which for credibility in web terms, ranks only slightly higher than ‘The dog ate it, sir‘. Some people will use hackers as an excuse for other online misdoings, on the generally accurate assumption that the average person, encouraged by media hysteria, credits hackers with near god-like powers to bend the laws of physics. However, in this case it seems probable that Natural England is telling it as it is. People do hack into sites, especially big, old, unmaintained government sites such as this ex-English Nature one. And perhaps planting a virus would be considered a waggish prank. Actually rather than active hacking it’s more likely that a security vulnerability in the servers allowed a scanning worm to infect them – but the result would be the same. And it’s not all gloom. Chris Moos offers some good news:
We will be bringing the ex-English Nature, ex-Countryside Agency and ex-Rural Development Service websites into a new Natural England corporate site by September this year.
We look forward to that. Update: It’s all fixed now. Good work, the NE nerds.
A story broke on Computerworld yesterday about a mass attack that breached unspecified ‘government sites in the U.K.’.
The report mentions an SQL injection attack, and a site like English Nature’s would quite plausibly be vulnerable to that; according to Netcraft it was running Windows 2000 and Microsoft-IIS/5.0, which doesn’t fill one with much confidence.
The worst part about it is that the compromised sites were actually serving up malware to visitors. Recovery would entail not merely a quick restore, but also finding and fixing whatever security errors had made them vulnerable (such as wasting public money on Microsoft junk.)