At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced.
We are evaluating how this has occurred and our security team will have more information shortly.
While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwods on a number of accounts. We will honor requests for password resets as they are needed but are attempting to limit the inconvenience to our customers as we're able. FTP is still operational should you wish to access your files at this time and correct any issues you see yourself. We will be working diligently to make cPanel access available again as soon as possible.
If there is a defacement on your account, please know that our Systems team is working to get your site back online. If your index.php was modified, they will be restoring it from the most recent backup and no further action is necessary on your part. At this time, we do not have a definitive timeframe for resolution, but we will update this page as we gather more information.
We do apologize for this issue, let us know as you have further questions, we'll be glad to answer them as we're able. Please understand it will take our security team some time to review this issue before we can have a full explanation available.
11:45 AM EST Update
If you have a backup of your site, you may upload your index.php files to correct this. You may need to do this for each directory. If your site uses an index.html or index.htm, you will need to upload those files, then delete the index.php. You can find more help at How to restore a backup file.
It is possible our automated restore system will also be working on correcting the issue while you are. If you see this happen, just upload again.
If you do not have a backup of your site, it is best to wait until our automated system has completed its attempt at restoring. At this point, we feel that should solve a majority of the defaced sites.
We will be updating this page every hour, please check back here versus calling or chatting. Our team is currently working very hard and we are bringing in additional people, but the volume is greater than our Sunday staff is able to handle quickly at this time.
1 PM EST Update
Systems has been successful in restoring a portion of the affect sites. They are refining their repair method now and should be able to begin deploying the update to additional sites shortly. Please bear with us for another 1 hour when we feel we will have more information to share.
4:00pm EST Update
Our system's team is still working on the automated repairing. We have restored over 65% of the affected sites at this time and are continuing to do so via an automated process and with our technical support team.
For people who are fixing their sites themselves, we have a few additional suggestions. First, be sure to check all directories, the hacker targeted all directories within the public_html.
If you are not sure how to do this, once our system's team has completed their automated restores of home pages and general review of the changes we have made, they will be running an additional cleanup process that will look in directories for the hacked files. If the hacked files are found, they will be saved to hacked_page in the same directory.
Second, we have additional advice if you do not have a backup on your computer of your index.html and you are now seeing a directory listing instead of your site when you visit your URL. This means our automated restore system could not find a suitable file to restore to your account. Please go here, Site Backup Restore Options, for a few options to deal with this.
Most users should not see defacement on their site. If you do, it may be cached in your browser. Please refresh your browser by restarting it or by pushing CTRL-F5 (usually works, restart is best though). If you still see defacement, please do contact us via
immediately for priority handling.
If you are seeing an empty directory, our system has not been able to locate your index files yet. If you have a backup of your index files, please upload them via ftp now (index.php, index.html, index.htm, etc.)
For those who do not have the files or who are unable to upload, our team is working on an automated solution now. Please see this link, Site Backup Restore Options, for a solution that may work for you.
Currently, Cpanel is disabled on all platforms as we evaluate the situation and apply patches to the security problems that allowed this to occur. We should be able to enable access later today after running our final checks. FTP access is still available though.
The Web Hosting Hub Team