InMotion, in an email to users, said Sunday that the homepage defacement attack launched by the southeast Asian hacker TiGER-M@TE was not meant to do permanent or catestrophic damage to the hundreds of thousands of websites that were hit.
“We understand the method the attacker used to accomplished this and the main exploit path was through an internal management server that can control Cpanel on other servers. The management server was used to change passwords on the Cpanel servers then login with those passwords,” said Todd Robinson, president of the hosting company.
The defacement attacked worked by replacing index files in all public_html directories with the attacker’s own branded index.php. InMotion does not believe that any data was stolen or that any passwords were compromised.
“It does not appear that gaining passwords was a goal or was accomplished, just password changes were used. Access to the management server was gained from an exploited customer’s server that was within our network,” Robinson said. “Though our team moved quickly to disable the internal management server and limit the exposure of the servers to this attack when it began, it
was a very serious breach and could have been much worse if the hacker had intended to do more harm.”
This does fit the modus operandi of TiGER-M@TE, who often claims to hack for fun or just to prove that “it can be done.”
Blast Magazine’s network of websites were defaced during the attack on InMotion, as was the offical City of Providence website.
InMotion took responsibility for failing to prevent the damage. Some estimates have the attack hitting more than 500,000 websites, making it historic in its proportions if not in its level of damage.
“Please accept our apologies as we go through this process,” Robinson said. “We are very aware of our failure in this situation and we will provide more details when we have completed the work of recovery.”
InMotion’s second failure was not actively notifying its customers of the breach.
I found out about it from a client who was screaming at me on the phone Sunday AM. I still have not received an email of any kind from InMotion.
Bad PR.
I noticed Sunday about 10PM EST that my website was affected. My site “techie” has the back-up so hopefully by tonight dogpackpoker.com will be back up.
I am curious Greg, is that one of our “RocketDog” trophies for the Dogpound Tournies?
UCanSeeMeNow
Same here. I never received any notification from them. I visited my site only to find a directory list.
Same here. I was never notified. Because I was very busy Sunday I did not check my site until that evening. The only reason its up now is because my web master got it back up. Good thing I didn’t wait for them.
I was planning on changing hosts anyway, they screwed up my SSL cert renewal a few months ago. I paid for it and they let it lapse.
I’ll never know how much business they cost me.
Everything seems resolved now.
InMotion didn’t notify me either. I just happened to check my website, and found out it was hacked. The new “Hacked Page” on my directory was a pretty good giveaway that something was amiss.
The hack is annoying, but InMotion’s lack of communication to it’s clients is just as bad.
What a bunch of Bull! We were never notified of any hacking. Luckly I backed up the site in July so we really haven’t lost much but what info the hackers may have stolen or worse left behind is impossible for us to tell. It’s going to take some time to restore the site which is dedicated to Search and Rescue.
Why don’t these low life go out and do something productive with their skills???
What a bunch of Bull! We were never notified of any hacking. Luckly I backed up the site in July so we really haven’t lost much but what info the hackers may have stolen or worse left behind is impossible for us to tell. It’s going to take some time to restore the site which is dedicated to Search and Rescue.
Why don’t these low life go out and do something productive with their skills???
I also didn’t receive any email notification, but I do receive once in every two month an account suspension because couple of small wp sites were making some mess to their server and I needed to install this super wp cache plugin in order to sanitize this mess. What it’s actually weird I did already had installed this plugin and thus those sites barely have one or two visitors per day so I am very disappointed at Inmotionhosting because they failed to prove them selves as no.1 hosting company as they are rated at some reviews. To me, now only matters urgent backup of my sites and move on to another host. If only I could access to my Cpanel, which I can’t as I speak.
BIG DISAPPOINTMENT.
I abandoned InMotion following a series of incredibly epic failures of communication and customer service, which are detailed with sources at ifindfault.com. Communication failures (both internal and customer-focused) have unfortunately proven to be the norm with InMotion in my experience. I now reside very happily at DreamHost.
Hi Everyone, this is Brad with InMotion Hosting.
I just wanted to touch base with everyone here. There is quite a bit of negitive feedback here, and rightfully so. We definately took a big here, which was our own fault, and we’re learning quite a bit from it.
If any of our users are in still need of help of fixing a blank or defaced page, we’ve been posting fix guides here:
http://forum.inmotionhosting.com/viewforum.php?f=57
We’ve also been helping out many users individually via PM, so please do PM us if you need any further assistance.
We also have an accouncement from our company president, which can be found here:
http://forum.inmotionhosting.com/viewtopic.php?f=57&t=37821
If anyone has additional questions, please let me know, we’re more than happy to help.
Thanks,
– Brad