Hosting Provider InMotion Hacked, Thousands of Sites Affected

[InfoSec News <alerts () infosecnews org>]

http://threatpost.com/en_us/blogs/hosting-provider-inmotion-hacked-thousands-sites-affected-092811

By Dennis Fisher
Threat Post
September 28, 2011

InMotion, a large hosting provider based in California, was compromised 
in recent days and the attackers were able to replace the index files of 
thousands of sites, defacing them and in some cases making it difficult 
for site owners to recover and reload their sites.

The attack occurred on Sunday and the company posted a notice on its 
site about the incident, but many users posting on the company's forums 
complained that they were never notified about the attack by InMotion. 
Some of them said that they only learned that their sites had been 
defaced when a customer or other third party informed them about it.

In a message posted on the company's support forum, InMotion's president 
said that the company had identified the vector that the attacker used 
to compromise its systems and determined that the only goal was to 
deface customer sites.

"The hacker used a system exploit to change a system password to allow 
him to access index files. We have blocked the exploit and changed the 
system password. As always though, it is recommended that you update 
your Cpanel and FTP passwords," Todd Robinson wrote in the message. "Our 
systems team has blocked the exploit and is aggressively scanning for 
any other potential exploits."

[...]


_____________________________________________________________
FINAL CALL to register #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/