We are working very hard to correct the effects of the TiGER-M@TE hack on our blog. I received notification of the hack via email at about 8:11 AM (the hack was found at around 4am EST): a 4 hour response time to inform the customer. GOOD JOB INMOTION. As a gAtO gEeK I want to know the weakness and the de-construction of the Tiger-M@te attack, but we can wait till after disaster recovery. The forensic team would love this hack. It's unconfirmed, but if you use Windows and clicked on the image, it would have launched a trojan (unconfirmed). We are working on the forensics of the uscyberlabs.com hack and will report back soon.
If you came to USCyberLabs.com from 4am EST to 8:30am EST on 9/27/2011 and “you saw the hacked site below”, you may want to run antivirus on your machine.
Update –> 11:02 am EST – This is where the gAtO says cloud-computing: OuCh. InMotion is a hosting service. They build a good security model and then apply it to everyone, “the cloud solution”, but is this how we handle security on the cloud? Then if a hacker hacks the weakest link once anywhere in the construct, they can then replicate the hack to everyone on that cloud. Next: cloud-jumping hackers. It's all the same on the cloud, let's think “outside the box”...
I have my disagreement with InMotion but I think they are doing a fantastic job dealing with the crisis.
- They contacted the affected – uscyberlabs – via email >> gAtO
- They made a wiki so their customers could help themselves and be informed and updated: “Defacement Fix due to TiGER-M@TE hack” (InMotion)
Update –> 12:52 am EST — Re: What was the weakness? –
by TimS on Tue Sep 27, 2011 11:36 am
If you need further assistance please feel free to contact us.
Tim S. — Sep 12, 2011 11:27 am
At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced.
We are evaluating how this has occurred and our security team will have more information shortly.
While we review this issue, cPanel and SSH access have been disabled on various platforms. For additional security, we are rotating passwords on a number of accounts. We will honor requests for password resets as they are needed but are attempting to limit the inconvenience to our customers as we're able. FTP is still operational should you wish to access your files at this time and correct any issues you see yourself. We will be working diligently to make cPanel access available again as soon as possible.
If there is a defacement on your account, please know that our Systems team is working to get your site back online. If your index.php was modified, they will be restoring it from the most recent backup and no further action is necessary on your part. At this time, we do not have a definitive timeframe for resolution, but we will update this page as we gather more information.
We do apologize for this issue. Let us know if you have further questions; we'll be glad to answer them as we're able. Please understand it will take our security team some time to review this issue before we can have a full explanation available.