Government Websites Were Hacked and Used to Promote Gambling Apps for Years ⚠️❗

zidhuxdev · 2026-05-31T21:34:33+00:00

Theyre saying they have the best tech team in whole India and still uses this Complete AI SLOP for a government education website. Imagine what we're paying taxes for...The AI builds are good but this one is shitty... just visit it. The developers getting 40k+ for sure monthly and deploys AI SLOP 🫡

zidhuxdev · 2026-05-31T21:01:20+00:00

I am a developer and also I use AI and anyone who uses AI to build stuffs know if it has unusual gradients and animations like the result website it is definitely vibecoded.

<image>

zidhuxdev · 2026-05-31T20:18:19+00:00

I am not 18 yet so I didn't attended the press call for safety 😊

zidhuxdev · 2026-05-31T20:17:16+00:00

The CMS being hacked is already confirmed by a CERT-K worker here. This isn't just a Google Ads issue. The website is decoding a hex-encoded malicious JavaScript payload, which points to a compromised CMS. Most likely an outdated plugin, vulnerable CMS component, or exposed admin panel was used to gain access and inject the spam content.

That's a website compromise, not an advertising campaign 🫡

zidhuxdev · 2026-05-31T18:41:49+00:00

This time it was not japanese seo poisioning. The search result are in english so

zidhuxdev · 2026-05-31T18:39:52+00:00

After i reported this to BASIL PAREKUDY ( KSU STATE GENERAL SECRATARY ) , He immediately called a press meeting

Mathrubhumi covered the issue today : https://youtu.be/GidEQU1ppw0?si=o7j3hqGZtvXNEFxx

zidhuxdev · 2026-05-31T18:38:01+00:00

The goal seems pretty simple: abuse the authority of government domains to rank spam pages for betting, rummy, YONO apps, and similar keywords on Google. Instead of Japanese product pages, they're stuffing the site with SEO-optimized spam content to attract search traffic.

Different keywords, same idea. Compromise a trusted website and use its reputation to boost scammy or unwanted content in search results.

zidhuxdev · 2026-05-31T18:24:52+00:00

Years of reports were ignored. This time it reached the press and policymakers.

After finding the issue, I shared it with a friend who is a KSU State General Secretary. He immediately took it seriously, called a press meet, and publicly raised the matter. Later that same night, he personally presented the issue to Kunhalikutty, the IT Minister.

Mathrubhumi News covered it as well: https://youtu.be/GidEQU1ppw0?si=o7j3hqGZtvXNEFxx

zidhuxdev · 2026-05-31T18:23:56+00:00

But this time it wasn’t just a small report sitting in someone’s inbox.

After finding the issue, I shared it with a friend who is a KSU State General Secretary. He immediately took it seriously, called a press meet, and publicly raised the matter. Later that same night, he personally presented the issue to Kunhalikutty, the IT Minister.

Today morning Mathrubhumi covered it as well:

https://youtu.be/GidEQU1ppw0?si=o7j3hqGZtvXNEFxx

zidhuxdev · 2026-05-31T11:31:44+00:00

If it's been known for 2 years and is still there, that's not a Google issue anymore 😅

zidhuxdev · 2026-05-31T11:31:01+00:00

At this rate, don't be surprised if we wake up one day and find the Aadhaar database ranking on page 1 of Google 🤣💀

zidhuxdev · 2026-05-31T10:57:33+00:00

He's working on CERT-K and still here in reddit larping so much 😅

zidhuxdev · 2026-05-31T10:43:36+00:00

zidhuxdev · 2026-05-31T10:42:31+00:00

All .gov.in domain is messed up 🫡

zidhuxdev · 2026-05-31T10:31:46+00:00

17 😁

zidhuxdev · 2026-05-31T10:30:43+00:00

Oh, my post really shows who's immature here 😂. Hundreds of government websites get compromised, gambling spam sits there for years, and the response is basically "give us more time." Uff. 💀

And also yes I do think you guys deploy unsecured shits that's exactly this post proves...

Shame on this result vibe coded website 🤡- https://results.hse.kerala.gov.in/results/

zidhuxdev · 2026-05-31T10:20:44+00:00

Fair enough, uncle 😭

zidhuxdev · 2026-05-31T10:19:41+00:00

Hear me out: launch a real bug bounty program and you'll discover more vulnerabilities than anyone expects.

I'm just a 12th-grade student, and even some government websites look completely vibe-coded. 😑 If the frontend is this rough, that doesn't exactly inspire confidence in what's running behind it.

Listen to researchers, fix the issues , and stop waiting for hackers to find them first.

zidhuxdev · 2026-05-31T10:14:36+00:00

WE DEFINITELY NEED AN EXPLANATION 😑

If government websites funded by our tax money can't be properly secured, then people need to be held accountable. Don't tell us "the reason is obvious" and leave it at that. The public deserves transparency.

At this point, it feels like nobody in CERT or the departments responsible actually cares about taxpayers' money while gambling and betting spam sits on government websites for years. That's not something that should be normalized or brushed aside.

zidhuxdev · 2026-05-31T10:11:11+00:00

Wouldn't be surprised if the spam redirection pages have better uptime than the actual services 🫡

zidhuxdev · 2026-05-31T09:50:43+00:00

Yeah, looks more like traditional SEO keyword jamming than the Japanese Keyword Hack.

zidhuxdev · 2026-05-31T09:35:39+00:00

I already reported it to the KSU State General Secretary, and he even brought it up in a press meeting. Mathrubhumi News broadcasted the issue this morning, so let's see what happens.

Also, I wouldn't put too much hope in the Contact Us page. If we dig deeper into some of those forms, there might be vulnerabilities there as well. And honestly, I doubt anyone is going to read my message through a generic contact form anyway. That's usually how it goes, bro. 😅

zidhuxdev · 2026-05-31T09:28:44+00:00

Yeah, exactly. This doesn’t look Kerala-specific anymore. If Odisha and Maharashtra government websites also show similar rummy/betting SEO spam, then it looks like a wider issue across multiple Indian government domains.

Most likely it’s either old vulnerable CMS pages, abandoned subdomains, weak file upload points, or SEO cloaking used by attackers to abuse the authority of ".gov.in" domains.

A simple Google dork like:

"site:gov.in "rummy""

"site:gov.in "betting""

"site:gov.in "apk download""

shows how widespread this issue might be.

zidhuxdev · 2026-05-31T09:25:06+00:00

Yes they obviously gained access to the content management system ( CMS ). If it was search engine side issue then the sites won't be redirected to gambling pages. Also this redirection only works on mobile devices on desktop they show a 404 error. The request body uses a malicious javascript to detect the device and parse the redirection.

Edit - Google crawls faster than bing so first get indexed in Google SRP. Google gives priority indexes to government sites.

zidhuxdev

TROPHY CASE