Another major GIS company appears to have encountered security issues. The incident occurred on July 25th. While casually browsing the Spicy GIS group chat, our editor noticed a member sharing a link with the caption "XX got hacked." Initially, the editor didn't pay much attention, assuming it was just another prank like the "Crazy Thursday send me 50" meme. About a week later, on August 2nd, the editor accidentally clicked that link and was surprised to discover that the website genuinely seemed to have been compromised.
Admittedly, the initial discovery was shocking—this is one of China's top-tier GIS companies after all. It highlights that security concerns should be a priority for organizations regardless of size; even the largest companies can have critical oversights.
Observed Behavior
When accessing the aforementioned URL, the page redirects to the following interface:
After 3-5 seconds, the page redirects again to a new domain:
The new domain name will not be displayed here. While it superficially resembles a video streaming site, the actual site name and content are inappropriate and even disturbing. This is a classic case of a website compromise.
Possible Causes
The editor attempted to access various subdirectories by removing path segments, but consistently encountered permission errors:
It appears issues previously existing in this directory path were identified and addressed, yet the original link remains mysteriously accessible. Searches on Baidu and Google yielded no further information about this specific path.
Ultimately, the editor referenced methods from a prior article "This Wuhan GIS SOE Website Exposes the Industry's Shame", using the Web Archive (Wayback Machine) for further investigation. Initial searches found nothing. After removing several directory levels from the URL, one archived record was discovered:
This result suggests the site series previously hosted tutorial documentation. The trail ends here for the editor. Insight from knowledgeable readers is welcome.
Web Archive URL:
https://web.archive.org/
Additional Context
The editor has previously reported on security incidents involving GIS vendors, such as the salary calculation exposure earlier this year ("Recovering Archived Web Content: A Wuhan Company's Controversial Webpage and GIS Industry Implications"), the incident where a GIS company's official site was found hosting illegal links ("Domain Security Alert: How a GIS Company's Website Became Vulnerable"), and even prior redirection hijacking issues on a major technical Q&A platform. Security is never a minor issue. Given that GIS-related operations often involve sensitive or classified data, it is crucial to remain vigilant about GIS security events, implement robust safeguards, and address any breaches promptly.