Network Solutions Addresses the Issue

We have identified this issue affecting Network Solutions hosting customers. We are making changes to our system and reinforcing measures to protect customers hosted with us.

We also want to set the record straight about the scope of the situation. With the information we have at this time, the impact is to approximately 5% of our hosting customers. However, no matter how few customers have been impacted, it’s too many. We take this issue very seriously. We have multiple teams working tirelessly to address it and work with our customers. No personally identifiable or financial information was impacted by this issue.

Here is what we are doing for our customers:

a) Proactively working to get our customers’ web sites back to normal.

b) Conducting a complete analysis of the issue and testing the measures we are putting into place to prevent recurrence.

c) Making changes to some hosting FTP passwords. As part of our preventative steps, we had to quickly change FTP passwords for certain customers and we notified customers after the fact. We realize this is a painful experience especially for those who are performing updates via FTP, and we sincerely apologize for not being able to communicate this in advance.

d) We are also continuing to reset FTP passwords for certain other customers and will complete this process over the next few days.

Here is what Network Solutions hosting customers should do:

Please check your website to make sure it’s rendering correctly in a browser.
If you received an email and your FTP password was reset please change it to your desired password. Due to the speed at which we had to implement protective measures there are a few customers who may have to reset their password more than once. Again, we regret the inconvenience.

It is always a good practice to keep your security and malware system scans up-to-date and run them regularly on all of your computers.

Our customer support teams are on alert to help customers. Please email us at listen@networksolutions.com if you are a customer and need assistance.

We will continue to keep you updated here as more information becomes available. Because of the likelihood that the perpetrators might be monitoring social media channels we have not been as open in our communications as we would like to be – as the saying goes “Loose lips, sink ships

Find us on Facebook and follow us on Twitter for more posts like this!

Brought to you by Network Solutions®

Network Solutions

At Network Solutions®, we focus on helping small businesses start and market their businesses on the Web, enabling them to realize their dreams of self-reliance, entrepreneurship, creativity, and financial independence. We pioneered the service for creating and acquiring specific "web addresses" (known as domain name registration), and today offer a full range of Web-related services. In addition to domain name registration, we offer Web site design and hosting, e-commerce solutions, online security products, and search engine marketing and optimization. You can find us on the web at www.networksolutions.com.

Small Business Community

Network Solutions® understands and appreciates what life is like for the small business owner "their challenges, questions, and concerns" and has developed a host of resources that forms our small business community. This includes blogs like Solutions Are Power, Grow Smart Business, Unintentional Entrepreneur and Women Grow Business.

We also provide resources for connecting small business owners like our networking site, MySolutionsSpot.com and our web developer community, LinkTogether to support small businesses in every aspect of their business.

http://www.ubervu.com/conversations/blog.networksolutions.com/2010/network-solutions-addresses-the-issue/ uberVU – social comments

Social comments and analytics for this post…

This post was mentioned on Twitter by thekenyeung: Net Sol Blog: Network Solutions Addresses the Issue http://cli.gs/JSsbr...
jim

how about telling us what going on with email. spotty or no email all day
http://www.networksolutions.com/small-business/getting-online.jsp Network Solutions

Please let us know if you are still having issues. Email traffic should be normal now.
Mark

Emails to my account are still getting returned as undeliverable
Pissed Off

What about all the people whose sites now show up as “This site may be harmful to your computer.” on Google. Great, all that time spent on SEO and great content down the drain. I can't wait to have to try getting things back to normal on that front. Extremely disappointing.
DuneSandChigger

Well, the malicious javascript code inserters have hit my site now. As soon as I discovered the problem, I uploaded copies from my disks.

They came back and reinfected them less than an hour later.

I logged in and changed my FTP password. The change should go through in minutes, but it's been nearly an hour now and I can't log in at all.

Also, the database back ups on my blog have been disabled. When I try to re-enable them, I get an error about the database username and the backup change won't go through.

Come on, people, get your acts together!
parkerp

Not able to take database backup and all backup is deleted. getting disconnection with ftp every few minute
Patricia Farrell, OP

It's too bad you didn't pay attention to us when our website was hacked in January. Instead you told us then that it was something on our end. We have since discovered, after our second hack, that the software on the server was not updated, and there was Frontpage software on it that we had never authorized. The vulnerabilities were on your end, and now look what you've got going.
Patrick

My email server at Networksolutions has been down for 18 hours so far. Obviously, I cannot read or respond to email and my business is dead in the water. Please resolve this as soon as possible!!!
http://www.bruceflinn.com/blog/ Bruce A Flinn

Just tested email from one of my sites 30 minutes ago – bestpoconovacation.com – nothing has come through yet. Has been down for all my sites since yesterday around 3:29 pm EST.
jimlabelle

Why do we have to go to the Network Solutions blog to find out about security issues AFTER THE FACT? You should be proactive and notify all of your customers by email as soon as these issues are identified.
Long Time Customer

My index.htm / index.php files were re-written with malicious code early on the morning of 04/21. The files appeared to be cleaned up around the noon hour, but have been exploited again since then. This episode has really shaken my confidence in Network Solutions. Clearly someone has “owned” your servers for the past couple days.
http://www.njnvideo.com Stephen Pate

4/21 my site is infected again and your Account Manager awstats page is infected.
http://www.industriasrihan.com silva

Same as jim, email works intermitent and happeing with diverse users. If forwarder in webmail is active, mail stays more stable.
Robert

All my wordpress files had code inserted on 4/21 at about 7:49pm – this affected all the wordpress/index.php files in several wordpress installs on different mysql databases. My Joomla installation was unaffected.

It's all code inserted at the end of the php file and decodes to the following:
http://jsunpack.jeek.org/dec/go?report=b370ae65…

(inserting an iframe that opens up to http://hugeadsorg.com/grep)

I've restored all the index.php but that's obviously not a real solution since it's only a matter of time before it happens again. Checked the database table that was affected last time (wp_options) but it's fine this time around – ? Someone? Anyone?
http://twitter.com/sdpate sdpate

I lost 2 sites last night, when I checked awstats tonight it was infected with the trojan, and at midnight my prime site NJN Network went down. You need to hire someone who understands network security. The last three weeks of my life have been spent watching a company who prides themselves on excellence self destruct. Not pretty.
http://www.kareldonk.com Karel

The password to my site was reset, and yet the script continues to run apparently because my index files have been changed again.

How can it be that you guys got hacked again? I've had issues in february/march already when sites were being defaced and now this.
Karel

STILL having issues! Eventhough password was reset.
Bob

My site hacked again at 7:58 am this morning server time. 4/22
Different code this time.

ftp passwords were changed but I'm going to see if it was changed again like last time.
http://www.ZbarazGenealogia.com Catherine

My AW Stats aren't reporting up-to-date … and I can't access my Raw Log files at all. Is this all part of the problem? When can I expect to be able to get this data?
http://www.appsolve.com Steven Fisher

Mark,

Are you still having this issue with your email?

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

We apologize that you have had to experience this issue but if you are still having issues, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

Patrick,

We apologize that your business had to experience this issue, but if you are still having problems, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

Karel,

We apologize that your business had to experience this issue, but if you are still having problems, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

Gerardo,

We apologize that you had to experience this issue, but if you are still having problems, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.ditchwalk.com/2010/04/23/is-it-safe/ Is It Safe? | Ditchwalk

[...] The good news was that I was not alone, and not being singled out. To the extent that my site host was getting creamed, they are also one of the largest hosting providers, and I knew that they would be sparing no expense and effort to plug the hole. Having already petitioned Google for a review of the site, I simply maintained vigilance and deleted the code the next time it was injected. Shortly after that Google released my site from its search warnings, and the next day my site host declared the problem solved. [...]
http://peninsulasikclub.com Edie Colbert

Every time I go to Network Solutions to update my web site the security lock has a red ! over it and I get a security msg (You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.) What is the problem?

Network Solutions Addresses the Issue

Related Posts

Post On Twitter

Tags

Solutions are Power

Network Solutions

Small Business Community

Subscribe