GovITHub is the government program that proposes to create the community of those that believe in a digital future for Romania, by changing public services with the help of technology.
Few days ago I decided to do a security audit for ithub.gov.ro since they are dealing with personal data and you know my stance on privacy; by checking the output from the server, reading the site code and using various tools I have identified the following issues with the site:
If you don't give a crap about your Wordpress blog updates, your hosting account (or vps, droplet, instance) is probably infected with malware and one of them is the Shell File Manager. The script comes as an encoded PHP single file and can do serious damage to your server, it basically gives the attacker full access to the machine.
NOTE: do not, under any circumstances, run a PHP file that has eval-ed code inside. Always replace eval with echo so you can see what the actual code looks like, if you are eval-ing malicious code ... well ... you're screwed. Use a sandbox, chroot or virtual machine for your (computer) safety.
But the real interesting thing is not the name or the site or even the slogan: it's the fact that they're using a "nulled and stolen"theme called JustFit by MyThemeShop. Unfortunately for the letsvote.ro site creators, Fabrica De Social Media (no website for them, I wonder why), the people that put the original theme for download on the Themekiller website added some code to the footer of the theme that links back to the Themekiller.com website, as you ca see in the image below (the highlighted code). In case they remove the code from the page, you can always check the letsvote.ro version from the Web Archive (view the source of the page, scroll to bottom), since it's more permanent than a Google Cache.