InMotion, a large hosting provider based in California, was compromised in recent days and the attackers were able to replace the index files of thousands of sites, defacing them and in some cases making it difficult for site owners to recover and reload their sites.
The attack occurred on Sunday and the company posted a notice on its site about the incident, but many users posting on the company’s forums complained that they were never notified about the attack by InMotion. Some of them said that they only learned that their sites had been defaced when a customer or other third party informed them about it.
In a message posted on the company’s support forum, InMotion’s president said that the company had identified the vector that the attacker used to compromise its systems and determined that the only goal was to deface customer sites.
“The hacker used a system exploit to change a system password to allow him to access index files. We have blocked the exploit and changed the system password. As always though, it is recommended that you update your Cpanel and FTP passwords,” Todd Robinson wrote in the message. “Our systems team has blocked the exploit and is aggressively scanning for any other potential exploits.”
A hacker going by the handle Tiger-M@te claimed responsibility for the attack, and in a message posted by someone else in the InMotion forum, the hacker claimed that he had defaced 700,000 sites during the attack. The InMotion officials did not specify how many sites were affected, just saying that it was in the thousands. The author of the forum message said that he had spoken with the hacker via IRC. From the message:
“I hack 700000 websites in one shot, this may be a new world Record. After submitting 200,000 domains,zone-h was going down again and again and became almost unresponsive in the end.so i was unable to submit all websites.so i’ve listed all domains in attachment. It was not just a server hack, actually whole data center got hacked.”