Mass compromise at inmotionhosting.com

Thousands of sites were defaced today at InMotion hosting. The defacement was made by “TiGER-M@TE” and all of the affected sites showed the following text:

Server   Hacked   By   TiGER-M@TE

According to zone-h, they defaced at least 1,000 sites, and a list of the attacked sites can be viewed here: http://zone-h.org/archive/notifier=TiGER-M@TE

*It seems that some of the compromised sites were also at webhostinghub.com (both owned by the same company).
**We are tracking more than 10k sites already defaced.
***Update from their Twitter account (inmotionhosting, InMotion Hosting): “Security team members have traced this vulnerability to an authentication system and are working to patch this now.”

8 comments
  1. Carefully go through a backup and replace index.php files where needed and delete all extra ones.  Make sure you have the correct index file as some are different.

    I was able to get my site back up as well as get back to my dashboard.  I scanned my site here and everything looks good.

  2. Hi dd,

    This is Brad with InMotion Hosting. I just wanted to stop by and say that we are hard at work on resolving this issue, and we are very sorry for the frustration and headaches that our customers had to wake up to this Sunday morning. We definitely understand how everyone feels. If anyone has questions, more details can be found at inmotionhosting.com/status

    Thanks,
    – Brad

  3. Non-technical savvy users are easily fooled by web hosting companies who falsely explain how far a total compromise could go. Security-minded guys will give you the following conclusions. 

    1 – InMotion said the goal of this mass hack is just to do defacement. 
        These hosting guys never know hackers have installed rootkits and backdoors for future access. 
        They think that it’s safe and simple as restoring clients’ web sites from backups. 
        Once a box is hacked at the root level, it can’t be trusted any more.

    2 – Hackers could have compromised the inMotion several weeks/months before. Finally, they’ve been aware that the exploit they use has been discovered/known by other same-minded hackers. They do mass defacement to notify inMotion guys to patch this hole.

    We’ve seen mass hacks these days are not just for fun and fame. They have been used for generating revenue in black markets. Now, some clients are ready to move to other hostings. Others are just staying at inMotion and hoping for this mass hack not to happen again. Rest assured, this hack will not come back as hackers may now have future access at their will using backdoors that utilize stealthy covert channels to remotely do malicious stuff.

    Stay Secure.
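
The cleanup described in the first comment (replace index files from a backup, delete the extra ones), as an added example that is not part of the original post or its comments. The function names, directory names and sample file contents are assumptions constructed for illustration; the marker is the defacement text quoted on this page.

```python
import re
import tempfile
from pathlib import Path

# Defacement text quoted on this page; runs of whitespace are matched loosely.
MARKER = re.compile(rb"Hacked\s+By\s+TiGER-M@TE", re.IGNORECASE)

def triage_index_files(webroot, backup):
    """Map each suspicious index.* file (path relative to webroot) to an action.
    restore: present in the backup, but carries the marker or differs from it
    remove:  absent from the backup and carries the marker
    review:  absent from the backup, no marker (may be legitimate newer content)
    Files identical to their backup copy are left out of the result.
    """
    webroot, backup = Path(webroot), Path(backup)
    actions = {}
    for live in sorted(webroot.rglob("index.*")):
        if not live.is_file():
            continue
        rel = live.relative_to(webroot)
        good = backup / rel
        data = live.read_bytes()
        defaced = MARKER.search(data) is not None
        if good.is_file():
            if defaced or data != good.read_bytes():
                actions[rel.as_posix()] = "restore"
        else:
            actions[rel.as_posix()] = "remove" if defaced else "review"
    return actions

def demo():
    """Run the triage over a small constructed site and backup (sample data)."""
    good = b"<?php echo 'home'; ?>\n"
    bad = b"<html>Server   Hacked   By   TiGER-M@TE</html>\n"
    layout = {  # relative path -> (live bytes, backup bytes or None)
        "index.php": (bad, good),
        "blog/index.php": (good, good),
        "admin/index.php": (good + b"// edited\n", good),
        "index.html": (bad, None),
        "shop/index.htm": (b"<html>new page</html>\n", None),
    }
    with tempfile.TemporaryDirectory() as tmp:
        site, bak = Path(tmp, "public_html"), Path(tmp, "backup")
        for rel, (live, saved) in layout.items():
            for root, data in ((site, live), (bak, saved)):
                if data is not None:
                    (root / rel).parent.mkdir(parents=True, exist_ok=True)
                    (root / rel).write_bytes(data)
        return triage_index_files(site, bak)
```

The result only lists index files; a file flagged `restore` without the marker differs from the backup for some other reason and is worth reading before it is overwritten.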
