BINUS Today and the case of online gambling ads.reinhart1010.id – 4 October 2022From https://reinhart1010.id/blog/2022/10/04/binus-today-and-the-case-of-online-gambling-ads. Scan the QR Code to view the article on your device or web browser. |
|
Recently, we have seen that several official websites from:
- Cyber Security Community (CSC)
- Himpunan Mahasiswa Desain Interior (HIMDI)*
- Himpunan Mahasiswa Sistem Informasi (HIMSISFO)
have been hacked and actively posting a bunch of online gambling ads.
These ads do not appear on the affected organizations' home page, as they are neither categorized as "NEWS" nor "ARTICLES". Blog posts not marked as such will make these attacks less visible to be detected, but thanks to our automated team at BINUS Today, we're able to discover this issue.
As a result, some of these posts are starting to fill up inside BINUS Today, and since we currently don't have manual content filtering/blocking/takedown mechanisms inside BINUS Today, these articles will likely to re-emerge into BINUS Today even if we have removed the entry from our database.
We are currently contacting affected Student Organizations of BINUS University to fix and clear these posts, as this issue negatively impacts our PSE compliance standards.
Please stand by and re-visit this page anytime as we will provide real-time updates until all of the affected posts has been cleared from BINUS Today and respective site administrators.
Latest Updates
Update October 3, 2022
All unwanted posts hosted at HIMDI have been removed by HIMDI administrators and hence safe to be cleared from our database.
Update October 4, 2022
- 01:49 AM: We decided to create a deep-cleaning script which removes articles when the source URL is no longer available.
- 04:07 AM: Our initial script test have been successfully run, removing 61 taken-down articles from the latest 2,000 articles and 132 official websites.
- 08:41 AM: We have informed this issue to a publication manager and student organization website coordinator of Student Club and Activity Center (SCAC), BINUS University.
- 09:33 AM: We decided to perform a full scan of 22,000+ articles, which would take approximately 24 hours to finish with rate-limiting features turned on. We will also search and inspect for possible hacking attempts on other BINUS University official websites.
- 12:19 PM: The Cyber Security Community is currently removing affected posts.
- 13:01 PM: We were also informed about the previous attack which includes posting dating (and possibly explicit content) spams into other student organizations: KLIFONARA (photography club) and TFI Student Club.
- 13:55 PM: We have decided to publish our list of removed articles at https://gist.github.com/reinhart1010/78c8f040f7de76fd89dfdf44b902feab.
- 14:04 PM: Our deep-cleaning process has successfully detected 150 taken down posts over the overall course of 5 hours. Some of the removed URLs contain references to dating tips, which supports our given information from SCAC.
- 14:18 PM: A manual check against the CSC website has confirmed the deletion of these posts. We're still waiting for our deep-cleaning process to complete first before removing these articles.
- 17:30 PM: All articles containing the word "casino" have been removed except one from HIMSISFO.
- 🔴 22:11 PM: 216 taken-down articles have been successfully removed from BINUS Today.