More than 30 YoAfrica hosted websites get hacked at same time

L.S.M Kabweza Avatar
hacked website

hacked websiteYesterday morning, we got tipped to the fact that some YoAfrica hosted websites had been hacked. It was just 2 websites so we figured it was anything to worry about but we contacted the company nonetheless and told them about it. As the day progressed, a few more people told us their websites had been hacked and checking where they were hosted all pointed to YoAfrica servers. Well, one server in particular. We told YoAfrica through the day of these developments we were getting.

Then, at the end of the day we decided to check which other websites the server hosted and we got quite a list of defaced websites. The following:

All websites were hacked by the same “Turkish” hacker called “ynR” (see screenshot above and below). We submitted the list to YoAfrica this morning when we discovered that the websites remained defaced and active. The sites being active a whole day after we notified them of the first signs of a problem was something of a surprise, and, quite frankly, a worry as well. See, usually when you advise a web host of a hacking issue, you expect them to immediately switch the hacked website off, block the hackers IP addresses, and advise the hacked client to fix the issue.

It’s important to note that not all websites on the server were hacked; in fact the majority of the sites we checked were not. This points to the fact that the hacking is at the site level. Of the hacked sites, the few we checked before publishing this story have been restored, which is great, but if the owners of the sites do not fix the issues, then another surprise lurks in the woods.

Asked for comment on the issue, the YoAfrica sent us the following:

There are constant, multiple attacks on web servers everywhere, particularly on weekends. Websites whose admins have allowed public write access to website files and folders are always vulnerable. This situation usually occurs with free Content Management Systems such as Joomla and WordPress.

Our customers (or their agents) have unfettered access to modify folder permissions to their liking and specifications, and any folder misconfigurations are a result of this access.

We are implementing a monitoring system to assist our clients in making the best decisions regarding folder permissions and security, in the hopes of preventing continued customer vulnerability.

YoAfrica will continue to provide affordable and reliable shared hosting systems, and will endeavour to keep clients, and the tech community at large, aware of security best practices regarding their web applications and folder permissions.

Here’s another screenshot (the second half of the hacked page):

hacked websites


  1. Concern Shoko

    Seems some hackers on Xmas leave (from their normal jobs), suddenly have nothing to do with their time…or shld i say they are bored and needless to say, African websites are easy targets…

    1. MM

      indeed these guys are targeting african sites they know IT investment is low in African board rooms

  2. Infinisystech

    ill bet they were all joomla websites, com_jce, com_user or the html editor compromised, and im sure its not the latest joomla version

    1. L.S.M. Kabweza

      No actually. Some Drupal & some WordPress

      1. WebDesigner7

        Thanks for confirming that

      2. Infinisystech

        so i guess its at the server level if its cutting across frameworks, but il still bet it started through joomla and propagated to others, kikiki

      3. moduledev

        l say again YoAFrica servers don’t know how to issue a simple 403 forbidden let alone detect bad robots

      4. moduledev

        The velocity (number of hits p/s ,p/m etc) from the same IP address was flag enough to raise suspicion asi unoudza ani

    2. tinm@n

      fixation with joomla-bashing. (shaking my strange head)

      1. WebDesigner7

        agreed, it usually comes from people who don’t understand joomla very well

        1. Infinisystech

          i know joomla more than anyone in zim, hence citation of com_jce, com_user , i keep up with the trends

          1. tinm@n

            what a childish declaration

            1. Member


          2. moduledev

            Please describe exactly the vulnerabilities on the mentioned components and lets see how far u know Joomla

            1. Infinisystech

              lol, i was js messing with you guys, im not not the best joomla developer, im just the best developer in any language

          3. Concern Shoko

            Thats NAIVE and ILL-ADVISED!!!

          4. Tapiwa ✔

            L.o.L. – and modest too. Mind sharing your website? I assume it’s the most secure in the country: the rest of us mere mortals could learn a thing or two. 🙂

  3. WebDesigner7

    The lack of urgency they treated the matter with is shockingly unprofessional and to have the audacity of blaming the clients instead of apologizing and rectifying the situation is bad. I have a client whom I advised to change web hosts. This was after receiving poor support pertaining to a hosting issue. Thanks Techzim for covering the article an updating the tech community. I hope YoAfrica improves but, i personally would wait a very long time before i recommend anyone to host with them

    1. Globalping

      come host with Globalping we dont get hacked 🙂 and our rates are better than yo.

  4. GlobalPing

    come host with Globalping we dont get hacked 🙂 and our rates are better than yo.

    1. tinm@n

      oh wow! cool! u dont get hacked… I bet my hairless bum, you also SPAM very well!

    2. Concern Shoko

      Have you tried your website contact-us form and see what happens???

    3. Robasta

      dude, u not serious!

    4. Anesu Michael Maposa

      He doesnt get hacked he get suspended. How come your own website is suspended? You cant even pay your own hosting bill?

  5. Member

    Used to host with yoafrica, each time they where hacked they would blame joomla, fun enough most of my sites heacked where plain html. so I MOVED OUT. they got many issues but in most cases they blame clients. word of advise, anyone in need of serious hosting, consider going international, it will save a lot of talking talking…

    1. Infinisystech

      dude, you will still get hacked on international, worse still some of em like go daddy will js kwachura yo site and tell you to go hang coz your compromised site migh affect others, no back up, no sorry

      1. Concern Shoko

        You can try us as

      2. Member

        Fortunately ever since I moved there was never any hacking experience. 3 years no hacking no what, if there is any security issue they inform me in time to fix it friendly, They had never blamed me on anything, lots of discounts with SUPERIOR service and support. Anytime I want help I go to their live chat but with yoafrica you will be told until the right guy comes in and sometimes it seemed the right guys are part time etc. At the end of the day, it is business and the choice remains with the developers and clients. Those who feel they are having a great service let them use it and those think otherwise are free to move. Also same with airing your opinions.

  6. Tich

    I checked most of the sites and I noted that most of them have not been compromised. One or a few sites on the server were actually hacked and the host IP was blacklisted. Its unfortunate that some innocent clients would have to suffer until YoAfirca applies for whitelisting of this IP. All having said, YoAfrica has to up their game when it comes to security.

  7. allan

    blaming file and folder permissions. rookie move there yoafrica!

  8. anthonysomerset

    It will likely be poorly maintained websites so scripts/frameworks out of date (not updated) and then coupled with what seems a lack of proper security config on YoAfrica’s part to blame – the fact that users are needing to give world write permissions in the first place suggests YoAfrica are making some fundamental mistakes with there hosting platform

    I manage websites and infra for a living and i were to even behave remotely like YoAfrica, i would be out of business very quickly – Seems there customers need to vote with there wallet – unfortunately my guess is that most of those hacked dont know much about internet security and will believe what YoAfrica tell them

  9. Anesu Michael Maposa

    Truth of the matter is website owners forget that a website is a work in progress. People don’t set aside budgets for website maintenance so they sites are set aside after they are done that’s why they fall into these problems. Even if you don’t service your car, it will pack up one day.