UNIVERSITY WEBSITES HIJACKED TO SERVE PORNOGRAPHY

Researchers discovered that inactive university subdomains—many tied to defunct projects, old departments, or abandoned initiatives—lack proper oversight and security controls. Scammers exploit this negligence by gaining access and redirecting traffic to pornographic sites, damaging institutional reputation. The hijacked domains retain authority from their parent university websites, allowing them to rank highly in search results and appear legitimate to users. This makes them valuable real estate for malicious actors seeking to monetize adult content through advertising. The issue reflects broader challenges in digital housekeeping at large institutions. Universities often maintain thousands of subdomains across departments, research groups, and legacy systems. Without centralized inventory and monitoring, inactive domains become security blind spots. Expert recommendations include conducting subdomain audits, removing unused domains, implementing security headers, and establishing continuous monitoring. Universities are being urged to treat dormant web properties as potential vulnerabilities rather than harmless digital debris.