InMotionHosting Hacked

I woke up this morning to a text message from a friend: “Hey what do you do when your website is hacked,” he asked me? I logged into both of the website he runs and found a nice “Hacked” page from a Bangladesh hacker. Since he is on a shared server, I typed in the server hostname and found the entire server appeared compromised. At one point during the morning, InMotion’s front page also displayed the same error, and users were reporting they could not access their servers with their root username and password.

Luckily I just started running my own nameservers so I was able to redirect people to a different page after a few minutes.

This goes to show that not all web hosting companies are immune to attacks. While InMotion has fixed the issue, it will be interesting to see what their response to this will be.

The picture is what the server displayed this morning.

InMotion Got Hacked

 

 

 

 

 

 

 

Advertisements

2 thoughts on “InMotionHosting Hacked

  1. Do you know the extent of the attack, or what exactly caused it? Was this a case of someone’s password being stolen, or something bigger?

    Just curious.

  2. I would imagine a password would’ve had to be stolen on their server. According to InMotion, everyone’s index.php files were overwritten by the hacker, causing them all to display the same message. If you had an old index.php file you may have been able to fix it, but it’s just a band-aid until InMotion patches their servers.

    The hacker was Tiger-M@te and is the same hacker responsible for taking down numerous websites overseas (like hacking the DNS for one of Google’s domains, taking down a telecom company’s website, etc.)

    He doesn’t really do anything super-dangerous (even though he could). His hacks exploit zero-day vulnerabilities and they are easily fixable. Looks like he’s just out there to prove a point.

Comments are closed.