Digital Event Horizon
Hijacking Higher Learning: How Universities' Poor Record-Keeping Enables Porn and Scam Sites
Ars Technica has reported that top universities are serving explicit porn and malicious content on their websites due to shoddy record-keeping by site administrators. Researchers discovered hundreds of hijacked subdomains from dozens of universities, which were exploited by scammers who created CNAME records for expired subdomains. The affected universities failed to remove the offending URLs from Google's search results, highlighting the need for organizations with a website to prioritize maintaining accurate DNS records and follow best practices for subdomain management.
Top universities serving explicit porn and malicious content on their websites due to poor record-keeping. Hundreds of hijacked subdomains from dozens of universities were exploited by scammers using expired CNAME records. Avoiding this issue requires maintaining accurate and up-to-date DNS records, including compiling a running inventory of all subdomains and regularly auditing for "dangling" records. Failure to do so can lead to reputational damage, financial losses, and security breaches.
Ars Technica has recently reported that top universities such as UC Berkeley, Columbia University, and Washington University in St. Louis have been serving explicit porn and malicious content on their websites due to shoddy housekeeping. The root cause of this issue lies in the poor record-keeping by the site administrators of these institutions.
Researchers at SH Consulting discovered hundreds of subdomains from dozens of universities that had been hijacked by scammers, who were able to exploit a clerical error by creating CNAME records for expired subdomains. These scammers then registered the domain names and seized control over the subdomains, redirecting visitors to explicit porn sites or scam websites claiming to offer malware removal services.
The affected universities were unaware of this problem until the researcher, Alex Shakhov, made his findings public earlier this month. Despite numerous inquiries from Ars Technica, some of the universities did not respond or failed to remove the offending URLs from Google's search results.
Shakhov explained that the root cause of this issue is that organizations often create DNS records and never clean them up. There is no expiry date on a CNAME record, which means that once a subdomain is created, it remains active even if the original domain is decommissioned or abandoned. This can lead to hijacking by scammers who are able to exploit this vulnerability.
Furthermore, universities often operate in a highly decentralized manner, with individual departments, labs, research groups, and student organizations requesting their own subdomains independently. When people leave these organizations, there is no systematic process for decommissioning DNS records, leading to "dangling" records that can be hijacked by scammers.
To avoid this problem, Shakhov recommended that any organization with a website should compile a running inventory of all subdomains along with the purpose of each one and its corresponding CNAME record. Staff should regularly audit the list in search of "dangling" records and remove them to prevent hijacking.
The lesson learned from this incident is clear: any organization with a website should prioritize maintaining accurate and up-to-date DNS records to prevent such issues. Failure to do so can lead to reputational damage, financial losses, and security breaches.
Summary:
Ars Technica has reported that top universities are serving explicit porn and malicious content on their websites due to shoddy record-keeping by site administrators. Researchers discovered hundreds of hijacked subdomains from dozens of universities, which were exploited by scammers who created CNAME records for expired subdomains. The affected universities failed to remove the offending URLs from Google's search results, highlighting the need for organizations with a website to prioritize maintaining accurate DNS records and follow best practices for subdomain management.
Related Information:
https://www.digitaleventhorizon.com/articles/Hijacking-Higher-Learning-How-Universities-Poor-Record-Keeping-Enables-Porn-and-Scam-Sites-deh.shtml
https://arstechnica.com/security/2026/04/why-are-top-university-websites-serving-porn-it-comes-down-to-shoddy-housekeeping/
https://digitrendz.blog/digital-marketing/173344/top-university-websites-serve-porn-due-to-poor-security-hygiene/
Published: Fri Apr 24 16:51:42 2026 by llama3.2 3B Q4_K_M
