Hosting Firm InMotion Hacked, Thousands of Websites Defaced

Thousands of websites were compromised after hosting provider InMotion was hacked in the past week, raising new concern over the vulnerability of Web hosts to cyberattacks. Since Web hosts are used to keep websites online, and are used by most websites on the Internet, hackers are able to breach them and compromise thousands or tens of thousands of websites in one shot.

In the InMotion hacking, initially reported by digital security company Kaspersky’s ThreatPost, websites hosted by InMotion were defaced. In more extreme cases of the breach, hackers made “it difficult for site owners to recover and reload their sites.”

“At this time, the attack does not appear to have been any more malicious than replacing the web site’s home page,” Todd Robinson, the president of InMotion, wrote on the company’s message board.

He added that the goal of the hacker was to deface websites and did not target the company’s billing, domain management, or customer information system. Passwords to individual sites were not obtained either. InMotion also took steps to block similar attacks in the future.

The attack on InMotion wasn’t nearly as bad as it could have been, as previous incidents where hackers breached Web hosts have at times completely wiped websites from the Internet, and affected hundreds, if not thousands, of online businesses.

Hackers affiliated with AntiSec, a movement launched by Anonymous Operations and the nearly-defunct LulzSec hacker groups, breached JustHost and Australia-based DistributeIT in June. In the DistributeIT incidents, the company said nearly 5,000 websites were irrecoverably lost. No user data was stolen. Instead, the company said the hackers were just trying to do as much damage as possible.

Claiming responsibility for the InMotion attack, a hacker using the name Tiger-M@te said he defaced 700,000 websites, according to ThreatPost, citing a posting on InMotion’s forum. The company did not specify how many sites were affected.

“I hack 700000 websites in one shot, this may be a new world Record,” and the hack “was not just a server hack, actually whole data center got hacked,” reads an IRC message from Tiger-M@te obtained by ThreatPost. A Bangladeshi national, Tiger-M@te said he has “been hacking since 2007“ and works alone, according to an interview with The Hacker News in January.

When customers attempted to connect to their websites, they were alerted by their anti-virus software about malware transmitted via JavaScript, a Web coding language often used to create visual effects on websites, which may have been loaded onto the affected sites—a now commonly employed technique used by hackers.

An InMotion manager with the handle CristiN said on the forum that “while we cannot say at this time that 100% of the defaced accounts did not contain any malicious code, this is certainly not the norm.”

For help fixing your site, go to InMotion’s Defacement Fix due to TiGER-M@TE hack support page.