We feel your pain and are working hard to fix this

by Shashi Bellamkonda on April 18, 2010

Update : April 19th 2010
We have identified the issue and are currently in the process of deploying updates to address. Our teams are proactively cleaning any malicious code from affected files.

Our customer support teams are on alert to help customers. Network Solutions customers: Please email us at listen@networksolutions.com if you need assistance.
———————————————————————–
Apr 18, 2010 @ 15:59

We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience. At this time since anything we say in public may help the perpetrators, we are unable to provide details. It may not be accurate to categorize this as a single issue such as “file permissions”.

Please know that we have all hands on deck fighting this new internet threat and investigating the cause. Our customer support teams are on alert to help customers. Network Solutions customers: please email us at listen@networksolutions.com if you need assistance.

How can you protect yourself?

Our customer support team will help identify and assist in removing the errant code from your site. Password changes are a good safety precaution to take even if that is not related to this issue. It is always good practice keep your security and malware system scans up-to-date and run them regularly on all computers. We will echo advice from Google’s post from a few days ago “We recommend only running antivirus and antispyware products from trusted companies. Be sure to use the latest versions of this software, and if the scan detects any suspicious programs or applications, remove them immediately. “

Find us on Facebook and follow us on Twitter for more posts like this!

Brought to you by Network Solutions®

No Related Post

http://domainincite.com/network-solutions-under-attack-again/ Network Solutions under attack again | DomainIncite.com – Domain Name News & Opinion

[...] company has acknowledged that it has “received reports that Network Solutions customers are seeing malicious code [...]
Jon

You need to fix the URLs for the links. You have included your NSI email location. Not a very security conscious move in a security breach notification.
http://www.networksolutions.com/small-business/getting-online.jsp Network Solutions

Thanks ! fixed it and really appreciate the comment.
andrei

I can't believe networksolutions servers have been again hacked. Don't try to deviate the real problem because I can change hundred times the passwords and this still wont help me at all because the problem is the bad configurations of your servers and because of this hackers they go into servers by username or password. With a shell anybody can go inside anybody's website hosted on networksolutions and get the new passwords of databases and login details. I tested so I know what I am talking about. Shame on you! If the hacking of my websites keep continuing then I will definetely considering hosting my websites with somebody else e.g. hostgator.
DuneSandChigger

So basically you're saying that you still have problems with malicious users accessing and modifying the files of other users, right?

Since you all “fixed” the blog problem last week by changing the permissions on every PHP script on my site, I've been getting these massive error logs (“massive” compared to normal, which is NO error log generated at all) full of “mod_mime_magic can't read file XXX”. Every time someone accesses one of my two blogs or any of the scripts I have written myself now, an error record is generated in the log. I filed a customer service request (#1-460311022) one day and was told the next that the problem had been solved. It hadn't. (I also cannot delete the old access and error logs now, btw.)

I've contacted @netsolcares on Twitter, I've emailed hostingsupport@ as well as your listen@ address. And still no joy.

And now you tell us there's ANOTHER problem? WTF?
Chris

This is completely ridiculous. We have spent at least a hundred hours over the past few weeks trying to repair our site, changing passwords at least 15 or 20 times for Network Solutions and for our blog, only to have it halfway working again. Now, before it's even 100% restored, you let them back in? Who's going to compensate me for the near complete loss of traffic and ad revenue from this problem?
Martin Cohen

Two of my (non-wordpress) sites hosted by Network Solutions have been hacked by this script. Can you tell me what I can watch for as to the negative effects of having gone to my pages with these malware scripts? Also, so I can tell/warn visitors to my sites what they might watch for?
Granny

ThankyouThankyouThankyou
http://www.wptavern.com/sucks-to-be-a-network-solutions-customer-right-now Sucks To Be A Network Solutions Customer Right Now

[...] Solutions has responded to customers in a public blog post that explains they are aware of the attack and are working hard to fix it. You don’t have to [...]
http://jetlib.com/news/2010/04/19/network-solutions-sites-hacked-again/ Network Solutions Sites Hacked Again | JetLib News

[...] hosts have been compromised. ‘We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience,’ said spokesman Shashi Bellamkonda in a blog [...]
http://www.liquidmatrix.org/blog/2010/04/19/network-solutions-customers-hacked-again/ Network Solutions Customers Hacked Again : Liquidmatrix Security Digest

[...] Interesting comments. On Sunday the company posted this on their blog, We have received reports that Network Solutions customers are seeing malicious code [...]
http://todayinsecurity.com/?p=17 Network Solutions sites hacked again « Today in Security

[...] and we are really sorry for this experience,” said company spokesman Shashi Bellamkonda in a Sunday blog post. “At this time, since anything we say in public may help the perpetrators, we are unable to [...]
http://www.wpsecuritylock.com/wordpress-blogs-hacked-again-on-network-solutions/ WordPress Blogs Hacked Again on Network Solutions | WPSecurityLock

[...] Bellamkonda, at the Network Solutions blog, wrote a post entitled, "We feel your pain and are working hard to fix this." He apologized and said that it might not be isolated to "file permissions." They are working [...]
http://www.portable-digital-video-recorder.com/network-solutions-again-under-siege/ Network Solutions Again Under Siege | Portable Digital Video Recorder

[...] a post to its blog on Sunday titled We Feel Your Pain and We are Working Hard to Fix This, Network Solutions spokesman Shashi Bellamkonda apologized for the [...]
http://www.networksolutions.com/small-business/getting-online.jsp Network Solutions

Hi Andrei,

We are working on this issue and will update the post as soon as i can.

Shashi
http://www.networksolutions.com/small-business/getting-online.jsp Network Solutions

Let me know if you still need assistance
http://twitter.com/katzsa Sam Katz

While I am concerned and outraged as well, Network Solutions was very clear that if your scripts break, or you think they are compromised, to call their customer service team. (Slashdot and others think this was limited to about 50-100 domains to contact their customer service team.) Please do that, and post back so we know you are helped.

When you call, ask for a support ticket to be opened.
http://www.noticiastecnologia.com.br/servico-de-hospedagem-admite-infeccao-de-sites-por-codigo-malicioso Serviço de hospedagem admite infecção de sites por código malicioso | Notícias Tecnologia

[...] disse o porta-voz da empresa, Shashi Bellamkonda, em uma mensagem publicada domingo (18/4) no blog da empresa. “Por enquanto, não podemos dar mais detalhes, já que qualquer coisa que dissermos poderá [...]
http://www.networksolutions.com/small-business/getting-online.jsp Network Solutions

We are proactively fixing this on our systems and our support team is helping customers who contact us. please see post above for email address to contact.

Shashi
http://www.networksolutions.com/small-business/getting-online.jsp Network Solutions

Hi Sam,

Our support team is assisting customers in fixing their issue. We have a email address mentioned in the post to contact.

Shashi
http://www.focadonarede.com/?p=368 Serviço de hospedagem admite infecção de sites por código malicioso « Noticias « Focado na rede

[...] disse o porta-voz da empresa, Shashi Bellamkonda, em uma mensagem publicada domingo (18/4) no blog da empresa. “Por enquanto, não podemos dar mais detalhes, já que qualquer coisa que dissermos poderá [...]
http://www.comwise.com.my/network-solutions-sites-hacked-again/ Comwise Internetwork Sdn Bhd » Blog Archive » Network Solutions sites hacked again

[...] and we are really sorry for this experience,” said company spokesman Shashi Bellamkonda in a Sunday blog post. “At this time, since anything we say in public may help the perpetrators, we are unable to [...]
http://blog.webroot.com/2010/04/21/modified-websites-pushing-trojans-on-the-rise/ Modified Websites Pushing Trojans On the Rise « Webroot Threat Blog

[...] add malicious, obfuscated Javascript code to the footer of each page. Some Web hosts are trying to notify customers or fix the problems. At first, the problem affected sites that run the open-source WordPress publishing system, but the [...]
terry

Shashi,
I see no mention of yesterdays' problem “mail services are down” which prevented mail handling and only reference was via 800# customer service recording, today it is “ftp services down”, what's going on over there! To restate Andrei, should we be looking for alternative solutions that have better security, redundancy and 0% down time? NS' reputation is on the line here, if you shut your customers down because of bad or no security measures in place, we'll run not walk.
http://www.networksolutions.com/small-business/getting-online.jsp Network Solutions

Hi Terry,

No question this is a challenging time. Sincere apologies that this has
taken more time. Appreciate the support the customers and community are
giving us. Hang in with us and we will gain your confidence back. Our
folks have been working hard to protect and support our customers.

Shashi
http://www.ditchwalk.com/2010/04/23/is-it-safe/ Is It Safe? | Ditchwalk

[...] items myself did I discover that there were many reports about the breadth of the attack. Examples here, here, here and [...]
http://infosecevents.net/2010/04/25/week-16-in-review-2010/ Week 16 in Review – 2010 | Infosec Events

[...] We feel your pain and are working hard to fix this – networksolutions.com [...]
http://www.portable-digital-video-recorder.com/week-16-in-review-%e2%80%93-2010/ Week 16 in Review – 2010 | Portable Digital Video Recorder

[...] We feel your pain and are working hard to fix this – networksolutions.com [...]
http://educhalk.org/blog/wordpress-hacked-more-than-once-at-network-solutions/ Free Technology Tutorials » WordPress Hacked — more than once — at Network Solutions

[...] http://blog.networksolutions.com/2010/we-feel-your-pain-and-are-working-hard-to-fix-this/ [...]
http://www.appsolve.com Steven Fisher

I can see that you are still having issues with your site. Please check out this post on the instructions to check your site: http://blog.networksolutions.com/2010/what-to-d…

If you need more help, please contact us on twitter at @netsolcares or at listen@networksolutions.com
http://www.appsolve.com Steven Fisher

We have been working hard to correct this problem and if you haven't already, check out this post on the instructions to check your site: http://blog.networksolutions.com/2010/what-to-d…

If you need additional help, please contact us on twitter at @netsolcares or at listen@networksolutions.com
http://www.appsolve.com Steven Fisher

We have worked day and night to correct this issue but if are still having issues, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

We have worked day and night to correct this issue but if are still having issues, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

Robert,

We have worked day and night to correct this issue but if you are still having issues, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

Are you still having this issue? Robert,

We have worked day and night to correct this issue but if you are still having issues, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
http://www.appsolve.com Steven Fisher

Todd,

We apologize that your business had to experience this issue, but if you are still having problems, please check out this post on the instructions to check your site:
http://blog.networksolutions.com/2010/what-to-d…

and this one on changing your FTP passwords:
http://blog.networksolutions.com/2010/alert-hos…

If you need more help, please contact us at listen@networksolutions.com or at 1-800-333-7680.
Chris

OK, so this happened several weeks ago, and I understand why account passwords had to be reset, etc. But as of today (5/11/2010) Network Solutions is *still* resetting my FTP passwords every couple of days. No one notifies me when they do this, I find out when FTP fails. I've called tech support multiple times, and verified that yes they did reset my passwords, and yes they will slap someone on the wrist for not informing me.

Networks Solutions, are you listening? I understand that you're working through some problems, but if you make changes to my account, TELL ME YOU'VE MADE CHANGES!! This is very irritating, unacceptable, and it's not the kind of service I've come to expect from you.
http://smackdown.blogsblogsblogs.com/2010/05/13/hosting-with-godaddy-might-want-to-rethink-that-decision/ Hosting With GoDaddy? Might Want To Rethink That Decision. | Smackdown!

[...] when a new exploit is discovered, or a security hole in a large host starts getting exploited (like what happened with Network Solutions last month), I get an increase in the number of people requesting help cleaning things up. This month it [...]
http://firesaw.wordpress.com/2010/05/13/hosting-with-godaddy-might-want-to-rethink-that-decision-smackdown/ Hosting With GoDaddy? Might Want To Rethink That Decision. | Smackdown! « Firesaw

[...] when a new exploit is discovered, or a security hole in a large host starts getting exploited (like what happened with Network Solutions last month), I get an increase in the number of people requesting help cleaning things up. This month it [...]