Update on the Site Hack from Server Host
Posted: Tue Sep 27, 2011 10:06 am
This is the notice I got in regard to the hack on Sunday. It appears that my initial assumptions on the cause of the hack were wrong. At least it means we were not directly targeted and it was the result of a bot hack as I had guessed.
***Please do not reply directly to this automated message. Please visit
http://forum.inmotionhosting.com/viewforum.php?f=57 for more information ***
As you may be aware already, our network, and potentially your account,
was the target of a large scale website defacing attack on Sunday,
September 25th. We understand and share the upset and frustration felt
by all of our affected customers. Please know that we are working as
fast as possible to help all customers repair their sites.
The defacement worked by replacing index files in all public_html
directories with the attacker's index.php. At this time, it does not
appear to be any more malicious than taking over the web site's home
page, but we are still reviewing servers at this time.
We sincerely apologize for the delay in notifying you of the changes,
but in the last day our focus has been on actively repairing sites via
automated and manual systems. Most we have been able to successfully
repair, but we want to be sure you are aware of the attack and you
review your sites if you have not already done so.
If you were affected there are a couple scenarios you may see:
- Your site is normal. Our repair system has removed the index.php and
restored the appropriate file. Please review your site for any
directories that may have been missed and remove or replace the
index.php as needed.
- Your site shows a directory listing - Our system has cleared the
index.php but was not able to determine what to restore. You will need
to replace the index files.
- Site shows a hacked page due to a defaced index.php. This is the
defacement and that file needs to be replaced with your actual index files.
We have more information concerning the defacement, background on how it
happened, and examples of fixes for customers with sites using straight
HTML, WordPress, Premium Builder, Joomla, and more. We also have
examples for customers who do not have backups.
http://forum.inmotionhosting.com/viewforum.php?f=57
About getting support on this issue:
We are experiencing very high response times on calls, email, and chat
currently due to helping customers repair their sites. We are happy to
help, but with the volume currently, it is going to be a long wait for
us to do it for you.
Please note: If your site was unaffected by the defacement and it is not
an emergency, please hold your questions while we help customers repair
their sites.
Additionally, our billing, domain management, and customer access system
(AMP) was not targeted, nor was available to the cPanel management
server. It is on a separate network and firewall.
Please accept our apologies as we go through this process. We are very
aware of our failure in this situation and we will provide more details
when we have completed the work of recovery.
Sincerely,
Todd Robinson
President
InMotion Hosting
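
For the directory review the notice asks for, a small audit script can list which directories still need attention. This is an added example, not part of the original post and not InMotion's repair tooling; the index file names, the modification-time cutoff and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime

# Assumption: file names the web server treats as a directory index.
INDEX_NAMES = ("index.html", "index.htm", "index.php")
# Start of the attack day named in the notice (September 25th, 2011), local time.
ATTACK_START = datetime(2011, 9, 25).timestamp()

def audit_docroot(root, since=ATTACK_START):
    """Classify each directory under root by the state of its index files.
    review:   index.php modified on or after `since`; inspect its content by hand.
    no_index: no index file at all, so the server may show a directory listing.
    """
    report = {"review": [], "no_index": []}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, root)
        if not any(name in filenames for name in INDEX_NAMES):
            report["no_index"].append(rel)
        elif "index.php" in filenames:
            # mtime is only a hint: a repair or a restore from backup also updates it.
            if os.path.getmtime(os.path.join(dirpath, "index.php")) >= since:
                report["review"].append(rel)
    return report

def build_sample_tree():
    """Create a constructed public_html tree covering the cases in the notice."""
    root = tempfile.mkdtemp(prefix="public_html_")
    before = datetime(2011, 6, 1).timestamp()
    attack = datetime(2011, 9, 25, 14, 0).timestamp()
    layout = {".": ("index.html", before),    # normal site
              "blog": ("index.php", before),  # older, legitimate index.php
              "shop": ("index.php", attack),  # changed on the attack day
              "images": (None, None)}         # index removed, nothing restored
    for rel, (name, mtime) in layout.items():
        directory = os.path.join(root, rel)
        os.makedirs(directory, exist_ok=True)
        if name:
            path = os.path.join(directory, name)
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
            os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    print(audit_docroot(build_sample_tree()))
```

Entries under `review` are candidates only: compare each index.php against a known-good copy before replacing it, since modification times can be changed by whoever wrote the file.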