Dear Customer,

At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers.  We are still investigating, but it appears that files named index.php have been defaced.

We are evaluating how this has occurred and our security team will have more information shortly.

While we review this issue, cPanel and SSH access has been disabled on various platforms.  For additional security, we are rotating passwods on a number of accounts.  We will honor requests for password resets as they are needed but are attempting to limit the inconvenience to our customers as we're able.  FTP is still operational should you wish to access your files at this time and correct any issues you see yourself.  We will be working diligently to make cPanel access available again as soon as possible.

If there is a defacement on your account, please know that our Systems team is working to get your site back online.  If your index.php was modified, they will be restoring it from the most recent backup and no further action is necessary on your part.  At this time, we do not have a definitive timeframe for resolution, but we will update this page as we gather more information.

We do apologize for this issue, let us know as you have further questions, we'll be glad to answer them as we're able.  Please understand it will take our security team some time to review this issue before we can have a full explanation available.

11:45 AM EST Update

If you have a backup of your site, you may upload your index.php files to correct this. You may need to do this for each directory. If your site uses an index.html or index.htm, you will need to upload those files, then delete the index.php. You can find more help at How to restore a backup file.

It is possible our automated restore system will also be working on correcting the issue while you are. If you see this happen, just upload again.

If you do not have a backup of your site, it is best to wait until our automated system has completed its attempt at restoring. At this point, we feel that should solve a majority of the defaced sites.

We will be updating this page every hour, please check back here versus calling or chatting. Our team is currently working very hard and we are bringing in additional people, but the volume is greater than our Sunday staff is able to handle quickly at this time.

1 PM EST Update

Systems has been successful in restoring a portion of the affect sites. They are refining their repair method now and should be able to begin deploying the update to additional sites shortly. Please bear with us for another 1 hour when we feel we will have more information to share.

4:00pm EST Update
Our system's team is still working on the automated repairing. We have restored over 65% of the affected sites at this time and are continuing to do so via an automated process and with our technical support team.

For people who are fixing their sites themselves, we have a few additional suggestions. First, be sure to check all directories, the hacker targeted all directories within the public_html.

If you are not sure how to do this, once our system's team has completed their automated restores of home pages and general review of the changes we have made, they will be running an additional cleanup process that will look in directories for the hacked files. If the hacked files are found, they will be saved to hacked_page in the same directory.

Second, we have additional advice if you do not have a backup on your computer of your index.html and you are now seeing a directory listing instead of your site when you visit your URL. This means our automated restore system could not find a suitable file to restore to your account. Please go here, Site Backup Restore Options, for a few options to deal with this.

Most users should not see defacement on their site. If you do, it may be cached in your browser. Please refresh your browser by restarting it or by pushing CTRL-F5 (usually works, restart is best though). If you still see defacement, please do contact us via This email address is being protected from spambots. You need JavaScript enabled to view it. immediately for priority handling.

If you are seeing an empty directory, our system has not been able to locate your index files yet. If you have a backup of your index files, please upload them via ftp now (index.php, index.html, index.htm, etc.)

For those who do not have the files or who are unable to upload, our team is working on an automated solution now. Please see this link, Site Backup Restore Options, for a solution that may work for you.

Currently, Cpanel is disabled on all platforms as we evaluate the situation and apply patches to the security problems that allowed this to occur.  We should be able to enable access later today after running our final checks.   FTP access is still available though.

Best Regards,
The Web Hosting Hub Team

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Comments

2011-10-05 8:28 pm
I checked to see why my WP files would have lost the WP - and found this article WHICH IS UNDATED!!
Staff
13,688 Points
2011-10-05 10:46 pm
Hi briegull,

I'm sorry about the lack of a date on our article, we will be fixing that shortly. If you would like us to look into the issue you are having with your site files, please feel free to either post a question in our Support Center or send us an email: support@webhostinghub.com.

Thank you,

-Christi N.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.
}