Hostgator Hosting Account Hacked!!

Today I noticed significantly low traffic and revenue for some of my main sites. At first I thought it was act of google god. So I checked the SERPS, but everything was fine. When I checked my sites, many of my sites were redirecting to searchportal.information.com ! I almost had a heart attack thinking that someone got hold of my domains from the registrar and is redirecting. But when I checked my account at enom, all the domains are safe and is pointing towards the correct name servers at hostgator.
When I checked my hosting account at hostgator I found most of my add-on domains were missing. That is when it struck me. Some cheater who is using the same shared hosting account at hostgator logged into my account and deleted all those domains from my account. He then added those domains to his account. Since the domains were pointing to the same nameservers, it was just a matter of adding an index page for each domain with searchportal.information.com opened in frames. ( See my site, http://www.domainnameswebhost.net/ ) Damn cheater!!!

I have contacted the live support guy at hostgator at around 4:30pm (US time). His first reaction was that the domain got expired. But later he understood that the domain is registered in my name till 2010 and there are several domains. He then asked me to send an email to support. Opened a support ticket and sent an email by 5:00pm. At 7:00 pm the linux system admin from hostgator support team moved the ticket to their security section. As I am posting this thread I am still waiting to hear back from them.
I will update this thread how their support team handle this issue.

I think this is a serious security issue. If they don’t terminate the account of the cheater, then anyone who is sharing the same server can get into trouble.

 

Yeah, BUT. Was the hacking of your account your fault any?

One of my sites was once hacked and completely defaced. Sure, I'd love to blame the hacker, because, well, he hacked me, but I was also to blame as there was a vulnerability in one of my scripts that let him walk right in. If I had kept my scripts up to date, it wouldn't have happened.

Do you know of anything like this in your case? Is your password a common one perhaps? Any old vulnerable scripts?

 

Thanks for putting this info out. I need to watch my domains now... Hope they delete the cheater's account.

Good luck...

 

Thanks for the reply.
Other than wordpress I only have one script used on this hosting account. That is snews on a subdomain. But that shouldn't be the problem since even if he is able to hack the domain, he shouldn't able to enter into my cpanel. When I logged into my capenl I found that the last login was from a different ip than mine.
Also I have a seperate password and login for my hosting and cpanel which I do not use anywhere else.

 

I did a search on google and found that this is not the first time the customers of HostGator is experiencing such horrible situation.
Read this: http://news.netcraft.com/archives/2...nel_security_hole_exploited_in_mass_hack.html

 

Never heard of that happeneing before...a true cautionary tale. But the cheater will lose his account just for a couple of days of traffic. What a waste.

 

By the folks,
Hostgator support team fixed the issue after almost 12 hours. They haven't told me what exactly went wrong. But I am glad that my sites are back and running.

 

I have seen this issue popping up with hostgator several times in the past 24 hours. Could be a problem with someone getting into hostgators system unauthorized.

 

It would be helpful if they let you know how it happened, unless of course it was a security flaw on their end, in which case they would want to keep that to themselves .

I'm sure other hosts get hacked too, this is just the 2nd Hostgator one I have read about this week though.

 

The support guy from hostgator told me it is probably a cpanel bug which caused the domains disapper from the add-on domain list. And he syas the domains were still there and working. It is just that it disappered from add-on domains list.

But I don't think that is the case, because 18 of my domains were showing a webpage with searchportal.information.com opened in frame. Also, my top traffic domain is a blog which was removed from the blog list at fantastico.

It could be a cpanel security issue or hostgator themselves is redirecting all the pages to searchportal.information.com on domains which are not properly set-up. But since I don't know the exact reason, I won't blame the hostgator guys completely. May be it's cpanel issue like this one: http://forums.digitalpoint.com/showthread.php?t=740313

 

I also use Hostgator and have found their email support team to be very slow. One time I waited 3 hours to get my cpanel pw reset. Eventually I just got a live chat agent to do it. Other than that HG has been great.

 

I also host atleast 10 domains with hostgator, yet to find any issues, the live chat is used by me frequently to sort out the issues and they are quite quick-have never used any other support systems though

 

yes, this has just happened to me today on 2 domains hosted within an aluminum account with hostgator.

i am trying to get onto hostgator about it now, but their website is timing out! if they give me an helpful advice i will post it here.

matt

 

OMG,this sounds bad.
I have been with Hostagator,but i nevre faced any sort of problems using it. Actually,i also use the Live Support in their homepage frequently and so i get all of my doubts cleared by that..
Better to take help from them always,if you have any sort of suspense in your account ...

 

You do the correct thing man! The guy who did these tricks is really stupid!

 

This definitely isn't a hacking. The url it was going to is the url we have setup on our servers so that if a domain doesn't exist we collect the traffic and send it there. Any money made off this page is then donated to charity.


Do you have a ticket number I can look at?

 

The netcraft url is from a cpanel exploit that affected thousands of hosts and took place over a year ago. (definitely not the issue)

 

How does everyone else like hostgator?

 

HostGator tends to be one of the better providers out there for their price bracket.

 

I love hostgator...I have two accounts and about 80 domains hosted with them....I have hacking problems all the time as well. The hacker uploads files via FTP...always stuff about khmercoder.