Hacked, yet again



All the news here about the website, the membership, announcements, and the very latest from 1959!
Post Reply
User avatar
Faulkner
Posts: 5031
Joined: Sun Mar 07, 2004 6:59 pm
Location: Upper Darby, PA
Contact:

Hacked, yet again

Post by Faulkner »

Yes - we were hacked last night by "TiGER-M@TE". Fortunately, the hack did not touch any databases, and just replaced some static files for which I had backups. (I have database backups too, but that gets messy!)

Everything should be back in working order, but if you should find otherwise, please let me know and I'll restore.

Thanks
Dan
"If it's new, Plymouth's got it!"
User avatar
Faulkner
Posts: 5031
Joined: Sun Mar 07, 2004 6:59 pm
Location: Upper Darby, PA
Contact:

Re: Hacked, yet again

Post by Faulkner »

Dear Daniel Morton,

As you may be aware already, our network, and potentially your account, was the target of a large scale website defacing attack on Sunday, September 25th. We understand and share the upset and frustration felt by all of our affected customers. Please know that we are working as fast as possible to help all customers repair their sites.

The defacement worked by replacing index files in all public_html directories with the attacker's index.php. At this time, it does not appear to be any more malicious than taking over the web site's home page, but we are still reviewing servers at this time.

We sincerely apologize for the delay in notifying you of the changes, but in the last day our focus has been on actively repairing sites via automated and manual systems. Most we have been able to successfully repair, but we want to be sure you are aware of the attack and you review your sites if you have not already done so.

If you were affected there are a couple scenarios you may see:

- Your site is normal. Our repair system has removed the index.php and restored the appropriate file. Please review your site for any directories that may have been missed and remove or replace the index.php as needed.

- Your site shows a directory listing - Our system has cleared the index.php but was not able to determine what to restore. You will need to replace the index files.

- Site shows a hacked page due to a defaced index.php . This is the defacement and that file needs to be replaced with your actual index files.

About getting support on this issue:

We are experiencing very high response times on calls, email, and chat currently due to helping customers repair their sites. We are happy to help, but with the volume currently, it is going to be a long wait for us to do it for you.

Please note: If your site was unaffected by the defacement and it is not an emergency, please hold your questions while we help customers repair their sites.

Additionally, our billing, domain management, and customer access system
(AMP) was not targeted, nor was available to the Cpanel management server. It is on a separate network and firewall.

Please accept our apologies as we go through this process. We are very aware of our failure in this situation and we will provide more details when we have completed the work of recovery.

Sincerely,

Todd Robinson
President
InMotion Hosting
"If it's new, Plymouth's got it!"
Post Reply