Sorry we got hacked TiGER-M@TE hack

We are working very hard to correct the effects of the TiGER-M@TE hack on our blog. I receive notification of the hack via email about 8:11 AM – (At around 4am EST-hack was found) 4 hour response time to inform the customer. GOOD JOB INMOTION . As a gAtO gEeK I want to know the weakness and the de-contruction of the Tiger-M@te attack, but we can wait till after disaster recovery. The forensic team would love this hack. It’s unconfirmed but if you use windows, and clicked on the image– it would of launched a trojan-unconfirmed. We are working on the forensic’s of uscyberlabs.com-hack and will report back soon.

If you came to USCyberLabs.com from 4am EST to 8:30am EST- 9/27/2011– and “you saw the hacked site below“… you may want to run antivirus on your machine.

Update –> 11:02 am EST –This is were the gAtO says cloud-computing -OuCh. InMotion is a hosting service. They build a good security model and then apply it to everyone “the cloud solution”, but is this how we handle security on the cloud? Then if a hacker hacks the weakest link once anywhere in the construct, they can then replicated the hack to everyone on that cloud.  Next Cloud jumping hackers. It’s all the same on the cloud, let’s think “outside the box“…….

Tiger-M@te uscyberlabs hack - graphic no link

I have my disagreement with InMotion but I think they are doing a fantastic job dealing with the crisis.

 The article below has more information concerning that hack that affected InMotion Hosting on September 25, 2011. If you’re looking for information on how to fix your website, please see: Directory Listing / Defacement Fix due to TiGER-M@TE hack

 

 

Update –> 12:52 am EST — Re: What was the weakness? –

Postby TimS on Tue Sep 27, 2011 11:36 am

Hi Involution Media,Thanks for your comment. At this time, we have not yet released the full details of the hack. As more information becomes available, we will release more information that will not jeopardize the integrity of the servers. You can always check for updates at:http://inmotionhosting.com/status

If you need further assistance please feel free to contact us.

Thank you!

Tim S. —  Sep 12, 2011 11:27 am

 

Dear Customer,

At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced.

We are evaluating how this has occurred and our security team will have more information shortly.

While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwords on a number of accounts. We will honor requests for password resets as they are needed but are attempting to limit the inconvenience to our customers as we’re able. FTP is still operational should you wish to access your files at this time and correct any issues you see yourself. We will be working diligently to make cPanel access available again as soon as possible.

If there is a defacement on your account, please know that our Systems team is working to get your site back online. If your index.php was modified, they will be restoring it from the most recent backup and no further action is necessary on your part. At this time, we do not have a definitive timeframe for resolution, but we will update this page as we gather more information.

We do apologize for this issue, let us know as you have further questions, we’ll be glad to answer them as we’re able. Please understand it will take our security team some time to review this issue before we can have a full explanation available.

Updates ..> http://www.inmotionhosting.com/20110925-systems-announcement.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: