We have investigated the hack further, and from what we can see, the hacker's only goal was to deface your sites (and ours too). No sensitive account information of yours located in your Account Management Panel (credit card information, or contact details) were compromised. Web Hosting Hub regards the security of our customers sensitive information as extremely important.

We are currently assisting, as quickly as possible, many customers who are unable to fix their sites themselves. If you are able, we ask that you make changes yourself following the instructions found in the Quick Links of our Systems Announcement.

We are happy to assist further if you still need help. We thank you for your patience as it will take us a while due to the large volume of requests at this time.

What Happened:

The Web Hosting Hub network (and users on the servers) was the target of a website defacing attack on Sunday, September 25, 2011.

As I'm sure everyone is aware of, we are seeing more and more of these types of attacks all across the internet. Hackers continue to become progressively more aggressive in their methods and actually pride themselves on the number of people they can affect with these attacks.

As our own site was a target as well, please know we are just as upset and frustrated with this entire situation and we are working as fast as possible to help anyone affected repair their sites.

Further research has helped us to understand the method this attacker used and steps have already been taken  to block future similar attacks. From the information available, the goal of this hacker was to deface sites by replacing user's index pages with the hacker's index file.

At this point, we understand the method the attacker used and we have already taken needed steps to block future similar attacks. At this time, the attack does not appear to have been any more malicious than replacing the web site's home page; the defacement worked by replacing index files in all public_html directories with the attacker's index.php file.

Important Notes:

  • Defacing sites was this hacker's goal
  • The Account Management Panel (AMP) was not targeted or available to the affected network and servers. Obtaining passwords was not a goal of this hacker and did not occur. A system exploit was utilized by the hacker to change passwords which then allowed him to access site index files. The exploit has been blocked at this time. We do recommend, in light of this attack, users should update their cPanel and FTP passwords.
  • The exploit has been blocked by our Systems Team and they are diligently scanning for any other potential exploits.

In conclusion, though we moved quickly to disable this attack and limit as best we could the number of customers affected, we take this breach very seriously. We of course are very aware of potential threats and protecting your website is of great concern to us. Prior to the attack our security record has been excellent and we see this breach as a failure. Please understand that as a company and as individuals we are quite disappointed in ourselves and feel this should not have occurred. This attack will serve to push us to work even harder on security in the future.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.