We have investigated the hack further, and from what we can see, the hacker's only goal was to deface your sites (and ours too). No sensitive account information of yours located in your Account Management Panel (credit card information or contact details) was compromised. Web Hosting Hub regards the security of our customers' sensitive information as extremely important.
We are currently assisting, as quickly as possible, many customers who are unable to fix their sites themselves. If you are able, we ask that you make changes yourself following the instructions found in the Quick Links of our Systems Announcement.
We are happy to assist further if you still need help. We thank you for your patience as it will take us a while due to the large volume of requests at this time.
The Web Hosting Hub network (and users on the servers) was the target of a website defacing attack on Sunday, September 25, 2011.
As I'm sure everyone is aware, we are seeing more and more of these types of attacks all across the internet. Hackers continue to become progressively more aggressive in their methods and actually pride themselves on the number of people they can affect with these attacks.
As our own site was a target as well, please know we are just as upset and frustrated with this entire situation and we are working as fast as possible to help anyone affected repair their sites.
Further research has helped us to understand the method this attacker used, and steps have already been taken to block future similar attacks. From the information available, the goal of this hacker was to deface sites by replacing users' index pages with the hacker's index file.
At this point, we understand the method the attacker used and we have already taken needed steps to block future similar attacks. At this time, the attack does not appear to have been any more malicious than replacing the web site's home page; the defacement worked by replacing index files in all public_html directories with the attacker's index.php file.
- Defacing sites was this hacker's goal
- The Account Management Panel (AMP) was not targeted or available to the affected network and servers. Obtaining passwords was not a goal of this hacker and did not occur. A system exploit was utilized by the hacker to change passwords which then allowed him to access site index files. The exploit has been blocked at this time. We do recommend, in light of this attack, that users update their cPanel and FTP passwords.
- The exploit has been blocked by our Systems Team and they are diligently scanning for any other potential exploits.
In conclusion, though we moved quickly to disable this attack and limit as best we could the number of customers affected, we take this breach very seriously. We of course are very aware of potential threats, and protecting your website is of great concern to us. Prior to the attack, our security record had been excellent, and we see this breach as a failure. Please understand that as a company and as individuals we are quite disappointed in ourselves and feel this should not have occurred. This attack will serve to push us to work even harder on security in the future.