0 SHARES Facebook Twitter

We just detected (via our scanner) that the Nagios community site (community.nagios.org) has been hacked and is redirecting to a Viagra site. The results vary depending on the page request.

If you try to visit any page and add a “order=X” in the query you will be redirected. Example:

$ lynx –head –dump http://community.nagios.org/?order=1

HTTP/1.1 302 Found

Date: Tue, 13 Jul 2010 02:54:37 GMT

Server: Apache/2.2.3 (CentOS)

X-Powered-By: PHP/5.1.6

Location: http://the pharmacy discount.com/item.php?id=1095&said=m111



See the 302 redirection to “pharmacy discount.com” site? Google already started to index some of the pages:



It looks like a .htaccess redirection, but it might be something else. They are using an old version of WordPress, which may explain the compromise. We recommend people stay way from the site until it gets fixed.