Another week, another successful hacking attempt. This time, the victim was Web hosting provider InMotion, which was hacked at 1:00am PST on Sunday morning by a Bangladeshi hacker called TiGER-M@TE. The hacker replaced index files in all public_html directories with his own branded index.php, defacing the home pages of more than 500,000 websites. This file contained a nasty Trojan virus which would infect the computer of any visitors to those websites.
In an e-mail sent to users by InMotion president Todd Robinson, it was revealed the attack was launched by hacking into an internal management server that can control cPanel on other servers. Fortunately, he does not believe the attacker stole any data or compromised any existing passwords belonging to InMotion customers.
“As you may be aware, our network, and potentially your server, was the target of a large scale website defacing attack this morning, Sunday, the 25th. The defacement worked by replacing index files in all public_html directories with the attacker’s index.php.
We understand the method the attacker used to accomplish this and the main exploit path was through an internal management server that can control cPanel on other servers. The management server was used to change passwords on the cPanel servers then login with those passwords. It does not appear that gaining passwords was a goal or was accomplished, just password changes were used. Access to the management server was gained from an exploited customer’s server that was within our network.
Though our team moved quickly to disable the internal management server and limit the exposure of the servers to this attack when it began, it was a very serious breach and could have been much worse if the hacker had intended to do more harm.
Please review your sites if you have not already done so. If you have a backup of your site, you may upload your index.php files to correct this. You will most likely need to do this for each directory. If your site uses an index.html or index.htm, you will need to upload those files, then delete the index.php.”
InMotion’s resources were spread thin while trying to restore the hacked websites. In fact, they were unable to restore many of those sites and relied on their customers to provide a backup and/or restore their own websites. As a result, many of these sites are still down today.
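The per-directory cleanup the e-mail describes can be checked against a backup instead of by eye. The following is an added example, not code from InMotion or the original post; it assumes you have a local copy of the live site tree and a trusted backup tree, and the function name `audit_index_files` is hypothetical.

```python
import hashlib
import os
import sys

INDEX_NAMES = ("index.php", "index.html", "index.htm")

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_index_files(site_root, backup_root):
    """Compare index files under site_root with a trusted backup tree.

    Returns {"restore": [...], "remove": [...]}, paths relative to the root:
      restore - index file is in the backup but missing or altered on the site
      remove  - index.php is on the site but not in the backup, e.g. a dropped
                index.php sitting beside the site's real index.html
    """
    report = {"restore": [], "remove": []}
    # Pass 1: every index file in the backup must match the live copy.
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            if name not in INDEX_NAMES:
                continue
            good = os.path.join(dirpath, name)
            rel = os.path.relpath(good, backup_root)
            live = os.path.join(site_root, rel)
            if not os.path.isfile(live) or _sha256(live) != _sha256(good):
                report["restore"].append(rel)
    # Pass 2: an index.php that the backup never contained.
    for dirpath, _dirs, files in os.walk(site_root):
        if "index.php" in files:
            rel = os.path.relpath(os.path.join(dirpath, "index.php"), site_root)
            if not os.path.isfile(os.path.join(backup_root, rel)):
                report["remove"].append(rel)
    report["restore"].sort()
    report["remove"].sort()
    return report

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python audit.py <site_root> <backup_root>
    for action, paths in audit_index_files(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(action, rel)
```

Files listed under `remove` should be inspected before deletion, since a backup taken before a legitimate index.php was added would flag it too.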
It’s just another example of why no matter who your Web host is, your website may not be safe. So make sure you always back up!! And for added peace of mind take advantage of PCI Compliance scanning, which makes your Web host aware of security holes so they can patch them immediately. JT Website Design offers this service, because we believe your website is a valuable asset that deserves to be protected. Better yet, you can take advantage of our PCI Compliant web hosting, so we can stay on top of security holes for you.
Disclaimer: Nobody is hack-proof. Scanning your site for security holes will make your site less vulnerable, but in no way guarantees that you’ll never be hacked (after all, even Google has been hacked). However secure your server is, it is always a good idea to keep backups of your website… just in case.