http://threatpost.com/en_us/blogs/hosting-provider-inmotion-hacked-thousands-sites-affected-092811 By Dennis Fisher Threat Post September 28, 2011 InMotion, a large hosting provider based in California, was compromised in recent days and the attackers were able to replace the index files of thousands of sites, defacing them and in some cases making it difficult for site owners to recover and reload their sites. The attack occurred on Sunday and the company posted a notice on its site about the incident, but many users posting on the company's forums complained that they were never notified about the attack by InMotion. Some of them said that they only learned that their sites had been defaced when a customer or other third party informed them about it. In a message posted on the company's support forum, InMotion's president said that the company had identified the vector that the attacker used to compromise its systems and determined that the only goal was to deface customer sites. "The hacker used a system exploit to change a system password to allow him to access index files. We have blocked the exploit and changed the system password. As always though, it is recommended that you update your Cpanel and FTP passwords," Todd Robinson wrote in the message. "Our systems team has blocked the exploit and is aggressively scanning for any other potential exploits." [...] _____________________________________________________________ FINAL CALL to register #HITB2011KUL - Asia's premier deep-knowledge network security event now in it's 9th year! http://conference.hitb.org/hitbsecconf2011kul/Received on Wed Sep 28 2011 - 22:30:11 PDT
This archive was generated by hypermail 2.2.0 : Wed Sep 28 2011 - 22:34:23 PDT