CABS website gets hacked

L.S.M Kabweza Avatar
CABS Website Hacking

We just got a tip that the Central African Building Society (CABS) website has been hacked. Visiting the website right now loads the screen we have captured here:

CABS Website Hacking


CABS is Zimbabwe’s largest mortgage lender. The building society is a subsidiary of Old Mutual Zimbabwe, Zimbabwe’s largest life assurance organisation.

So far it looks that the hacking is basically the defacing of their website and not likely any deeper than that in terms of the payload. Our checks show the website uses the Joomla content management system.

We are told CABS has been notified and they are in the process of rectifying the problem, which apparently involves moving hosts and activating and even changing sites.


  1. anthonysomerset

    thats the unfortunate side effect of not updating joomla when security updates are released and making sure that other methods of entry weren’t locked down – i feel sorry for there IT department right now

    1. Leo Gumbo

      Hi Anthony, hows Harare? Hope you having fun. Saving up and coming to Zim next year.

  2. Lon

    Hi Soul and TechZimFellas;

    The site was exploited due to a universal weakness in Joomla & WordPress. So all of you who use this platform should take up a proactive approach and patch/upgrade to the latest version as soon as possible. Also if you have host IDS or network IPS turn them on to check for suspicious traffic:

    Details of the exploit are available here:

  3. Raymond Swart

    Most Joomla 1.5.xx sites hosted by local hosting companies are being “hacked”. Not sure whether it’s a Joomla issue or a hosting issue. CABS would be wise to upgrade to Joomla 2.5.

    1. tinm@n

      Not sure if you are correlating hacks happening because they are both 1.5 and locally hosted. The two would be mutually exclusive unless you are stating your suspicions that the hacker is specifically targetting local sites running J! 1.5. In which case I’ve just wasted text and time… 😀

      And true, if you are running J1.5, migrate to 2.5 ASAP. Joomla reached end of life in April. The last .26 patch(September), is most likely…eh… THE LAST. If one’s site is heavily dependent on, say, a bunch of 1.5 extensions then you will have to go through all the extensions’ code testing & fixing vulnerabilities. Its just a timebomb…migrate! I have a client with a 1.5 site and I know I have tonnes of work to do.

  4. ngth

    Here is the really scary thing… they got a brand new site only a couple of weeks ago. The one showing at the moment is their old one we have been seeing for years, but a couple of weeks ago I noticed that they had a new look and feel, I think it was developed by Cyberplex or at least thats what it had at the bottom.

    1. tinm@n

      I think its a good thing that they reverted to the old version due to the incident on the new one. Its actually standard practice.

      1. ngth

        I meant it was scary that a brand new site was hacked not even a month later. Hard to blame old unpatched code.

  5. Sam Takunda

    If devs don’t want to bother with the undelying CMS security issues (or don’t know how), they should stick to static site generators like Jekyl. Or even build using WP/Joomla and use the many plugins available for the CMSes that export the whole site as a static one. Then if there’s to be anything dynamic it should be from a read-only JSON endpoint o something.

  6. zvakaoma

    And the MBCA website has been hacked too!!

  7. mboko

    cabs wesbite www record pointing to zol IP .Ohh Cyberzol … Yoafrica was right … joomla uselesss

  8. oscar.habeenzu

    Oh finish, who did their website?