InMotion Hosting Hacked

0 Comments
[yasr_overall_rating] [yasr_visitor_votes]




Servers of InMotion Hosting have been hacked. The home page of InMotion Hosting is showing hacked, though some of the internal website pages are working fine.

Update 25-Sept, 4.45 AM CST: I was able to get in touch with the support team of Inmotion Hosting, and got this info:

there appears to be a mass server hack that has replaced the index file in the public_html of several accounts, we are working to do a full server restore on all servers to get that back up and running, unfortunately as there is an investigation going on now my details given to me are limited

 

Update 25-Sept, 5.02 AM CST: Many customers of InMotion Hosting have mentioned in comments below that it is easy to get your hacked website back up. If you have some old Index.php file, just copy that to the existing Index.php, and your website will probably be back up. This is because hackers seem to have replaced Index.php files on many accounts (InMotion support team also confirmed that above). I am trying this right now.

Update 25-Sept, 5.15 AM CST: Home Page of InMotion Hosting has been restored. Still no word from management on when will they restored the affected websites of customers, and how did this large scale hack happened.

Update 25-Sept, 12:30 PM CST: 1. In case your site did not have Index.php, but had Index.htm or Index.html, then you’ll need to restore those files, and delete Index.php

2. InMotion has confirmed that no customer information was compromised.

Here is the screenshot of the hacked page:

Inmotion Hacked

I have a couple of websites with InMotion Hosting, and they are also showing the same “Hacked” page.

There is no official word yet from InMotion Hosting on the extent of hack, and time it will take for websites to get back up.

What worries me most is that hackers might steal the credit card info that InMotion hosting would have stored. Also, I am really hoping that InMotion Hosting is able to get my websites back up, with all the data, and I don’t end up losing everything.

If you have more info about this, do post in comments. I will update this post when I hear something.

[yasr_overall_rating]
[yasr_visitor_votes]
Free/Paid: Free

Leave A Reply

What do you think?
  • 0
  • 0
  • 0
  • 0
  • 0
  • 0
73 Comments
  • Latest
  • Oldest
  • Hottest
kirpykla2011-10-09

How to restore cached picture “site hucked” from Google tools and google site privew?

kirpykla2011-10-09

My site was show hacked picture too. But now it was automatically restored and worked fine.

Kernel-Exploit2011-10-03

Non-technical savvy users are easily fooled by web hosting companies who falsely explain how far a total compromise could go. Security-minded guys will give you the following conclusions.

1 - InMotion said the goal of this mass hack is just to do defacement.
These hosting guys never know hackers have installed rootkits and backdoors for future access. They think that it’s safe and simple as restoring clients’ web sites from backups.
Once a box is hacked at the root level, it can’t be trusted any more.

2 - Hackers could have compromised the inMotion several weeksmonths before. Finally, they’ve been aware that the exploit they use have been discoveredknown by other same-minded hackers. They do mass defacement to notify inMotion guys to patch this hole.

We’ve seen mass hacking these days are not just for fun and fame. They have been used for generating revenue in black markets. Now, some clients are ready to move to other hostings. Others are just staying at inMotion and hoping for this mass hack not to happen again. Rest assured, this hack will not come back as hackers may now have future access at their will using backdoors that ultilize steathy covert channels to remotely do malicious stuffs.

Stay Secure.

Brad Markle2011-09-29

Hi @hosting,

This is Brad with InMotion Hosting.

If you need further assistance with fixing any defaced sites on your account, please touch base with me here - http:forum.inmotionhosting.comviewforum.php?f=57 - and I’ll be more than happy to assist.

You can find a message from our Company President as well here - http:forum.inmotionhosting.comviewtopic.php?f=57&t=37821

We’re here to help, we’re more than happy to.

Thanks,

  • Brad
Brad Markle2011-09-29

Hi 1WineDude,

I can totally see your point of view, as well as many other people.

By no means am I trying to make any excuses, this recent TiGER-M@TE hack hit us hard and was our fault.

Other users have been hacked in the past, and seem to think this is the same issue happening again and again, which it is not. This is the first time that this is an attack directly at our entire company, and actually got our own website as well. Many other hacks we’ve seen are targeted at individuals with security holes in their software on their account or out dated software running on their local computer.

For example, we’ve seen issues in the past with users who were hacked via FTP. We can see it in the ftp logs where a hacker simply logged in and upload new files to the user’s account. From much research, it appears that vulnerabilities in software on your computer can help hackers gain your credentials. For example, if you’ve ever connected to your account via FTP and clicked the option to save your password so you don’t have to type it in again, that username and password is stored somewhere on your computer. Vulnerabilities in programs made by companies such as Adobe can be exploited to get access to those usernames and passwords. If you use Firefox, I’m sure you’ve noticed that when you upgrade it tells you that your version of Adobe Reader is out of date. Why would Firefox make it such a big deal to tell you only about your out of date Adobe Software? Security Reasons.

Again, I’m not trying to make excuses, I hope that users understand that this hack is the first of its nature within our servers. This has hit us hard, but we are learning immensely from it and it will only help to make our company better.

I’m more than happy to help if anyone has any questions or further issues with defacements on their site. You can get in touch with me at the inmotion hosting forums - http:forum.inmotionhosting.comviewforum.php?f=57

Thanks,

  • Brad
1WineDude2011-09-26

I’ve got mixed feelings about this hack. On the one hand, I like InMotion’s support & responsiveness. On the other hand, this is the third hack that’s affected my website and the 2nd in a row that I’ve had to fix myself.

IMH has been pushing me a bit to upgrade to VPS but this issue and the long impact to dedicated and vps customers there has me totally reconsidering their service and looking at competitors. 😦

hosting2011-09-26

All my inmotion hosted websites are hacked… I am eager to know the attack and how it was possible….

jay2011-09-26

Just want to point out… it’s not one $5.95 customer vs your $315. There are potentially 1000’s of customers on a single shared server, making that machine quite valuable indeed.

Brandon2011-09-26

Looks like I stuck my foot in my mouth. Thanks for the explanation. I just got the email from Inmotion about what happened (I’m surprised at how much information they gave out! That’s cool though). So this hack wasn’t as unavoidable as I thought it was… I will be keeping an eye on the password policy, especially since I was about to go from a VPS to a dedicated in the near future.

AuzzieBloke2011-09-25

lol word on the street is that he compromised 700,000 sites, yay im so happy to be part of this 😛 NOT

“I hack 700000 websites in one shot, this may be a new world Record. After submitting 200,000 domains,zone-h was going down again and again and became almost unresponsive in the end.so i was unable to submit all websites.so i’ve listed all domains in attachment. It was not just a server hack, actually whole data center got hacked.”

Again we are all very lucky the hacker was naive really, and didn’t use it for nefarious purposes. But, saying that how do you know? I am restoring backups previous to the hack, and lose a days worth of data changes instead. You can’t be 100% sure other things were planted in there, if you don’t do this.

Powered by Waline v3.5.5