South Island restaurant chain Poppy Thai has had its website taken over by a Russian person selling pharmaceuticals.

A Thai restaurant chain has had its website taken over by someone in Russia peddling Viagra, antidepressants and bodybuilding supplements.

They have changed the website of South Island restaurant chain Poppy Thai, so when people click on links to read menus they are redirected to an online drug retailer.

Poppy Thai Blenheim owner Dara Ching said a few customers had mentioned there was a problem with the website in the last couple of months, but she did not know much about computers.

STUFF Clicking on Richmond's Poppy Thai menu will take you to a website offering Viagra.

"They came in to have a look at the menu here, and said they can't find the menu on our website. I say, 'I'm sorry, I don't know anything about it'," Ching said.

READ MORE:

* Overseas hackers forget smiley face for Marlborough business

* Massive phishing expedition targets 10,000 NZ phones in 24 hours

* Businesses should batten down cyber-security hatches amidst ransom hacks

* Russian hacking another reminder internet knows no borders

"I don't know what's wrong. In Christchurch they also told my son their website was not working, but the people in Nelson don't seem to know."

STUFF Clicking on Poppy Thai's Nelson menu will redirect you to a website offering antidepressant Fluoxetine.

Ching was not angry about it, but wanted the website fixed for her customers, she said.

"People still come in to buy dinner."

Her son Danny Ching, the managing director of the South Island chain, said the website was established several years ago, and he no longer got emails about how many people were using it, so perhaps the domain had expired.

"I think most of our customers rely on our Facebook page for menus instead of our website, so probably not that many people have been affected. But it is irritating."

He would get his contracted website administrator to fix the problem, he said.

"It's probably best people just go to our Facebook page while I get someone on to it."

The pharmaceutical-selling website's domain was registered to a man in Yekaterinburg, Russia. He had 1493 other websites on the server.

He did not respond to emails for comment before publication.

The Ministry for Business, Innovation and Enterprise computer emergency response team (CERT) senior incident manager Erica Anderson said they often got reports about compromised websites.

"These can occur for a range of reasons. The website might use a weak password or a reused password that has been compromised, the software used to maintain the site could be out of date, or the domain may have expired and been purchased by someone else."

Hackers were usually opportunists, rather than deliberately targeting people or companies, Anderson said.

"Instead, attackers look for easy ways to gather as much information online as they can, and then use it to exploit weaknesses and vulnerabilities. They're not picky about who they target," she said.

"We can't know the reasons behind attacks like this. The scammers could be trying to influence search engine optimisation (SEO) scores, or they could be trying to distribute malware."

Keep your website safe

Make sure your website uses HTTPS

​Use strong and unique passwords

Keep software up-to-date

Use two-factor authentication where available

Have backups of website content and databases

Set domains to renew automatically