UK Government Sites Hacked With Pharma Spam

UK government sites have been hacked and are serving pharma spam.

Yesterday The Drum covered Terence Eden’s post on security vulnerabilities on the UK government website

The UK Parliament’s search funtion was shown to be open to some very basic XSS injection attacks – which on testing appear to have now been fixed.

After finding a big batch of US government sites that had been hacked late last year, and successfully having them cleared up, I thought would have a quick look to see if anything on UK government sites was hacked.

It didn’t take long.

On a sub-domain of Gov.UK (though not part of Gov.UK directly), is serving many hundreds of cloaked spam pages, which in turn redirect users to – a dodgy looking online pharmaceutical site that if I had to guess is probably a credit card phishing site.

The UK domain name registry Nominet carry out regular domain name authenticity checks, yet don’t seem to have got round to yet. A quick look at the Whois details is almost laughable. Would you buy from a site registered to an organisation called ‘nana’, company registration number 123456789?

The website appears to be powered by a compromised modXhost installation which serves cloaked pages to Googlebot (see the Google cache below), whilst redirecting users to the phishing site.

One site wasn’t enough, so I dug a little deeper into any other government sites that may have been hacked.

Events/What’s On sections seem to be a target of regular abuse from spammers.

Another site that appears to have been compromised recently, though fixed now, is

A look at the Google cache of these pages show they were hacked and serving similar pharma spam – with pages that were using a cloud hosted Twitter Bootstrap template/CSS.

Websites getting hacked – indeed even high profile websites getting hacked – is of course nothing new or especially noteworthy.

Though it has to be said, with the abilities of GCHQ and their apparent mastery of the internet – you might wonder how they don’t spot UK government websites that are vulnerable to the most basic attacks, and even worse, websites that actually are hacked.

In case there is anyone from GCHQ listening, my gift to you: buy viagra

Note: I contacted and they are taking action on the hack. They also said thank you – which is always nice.


Colin McDermott
Colin McDermott
Colin (@ColinMcDermott) is owner and chief SEO nerd at Search Candy, with over a decade of experience building, optimising and marketing websites.