Update : Web site defacement issue

by Shashi Bellamkonda on January 19, 2010


Categories : Uncategorized

We apologize for the delay in the update and can assure you that our security team members have been working non-stop sleeplessly to get to the bottom of this issue. We have discovered the cause of a limited attack on websites hosted on Network Solutions Unix servers where a few hundred sites were affected. Hackers were able to add a file displaying illegitimate content on top of the customer website content. This was an issue on multiple servers and unknown intruders were able to get through by using a file inclusion technique. There was no danger to any personally identifiable or secure information.

Network Solutions has added monitoring of this threat to increase protection. On conclusion of the investigation we will be taking action which could include modifications to some server configurations. In addition, we’re actively working with law enforcement to monitor the threat landscape and take action against malicious elements that attempt to penetrate our systems. We understand from law enforcement that they have seen an increase of complaints of this nature over the last few days. These incidents are regrettable and we apologize for the inconvenience.  Due to the nature of the web, the race between technology and the bad elements is a challenge that companies face continually.

We are currently in the process of removing the defacements from affected sites and expect this to be completed this morning. If your site has been defaced please try to republish or restore your backup. If you need help, please contact Network SolutionsReal Person ™ support or on Twitter  @netsolcares

Please read our previous post on steps you should continually take to protect your sites. We thank all the customers who have helped us with examples and other helpful details on this issue

Find us on Facebook and follow us on Twitter for more posts like this!

Brought to you by Network Solutions®, a Web.com® service.

Related Posts

  • No Related Post
    • Pingback: Hundreds of Network Solutions Sites Hacked — Krebs on Security

    • jacoba2

      This happen to my business website on Network Solutions. I could not believe it. it looked like guys from Saudi Arabia. I had to get a restore of my whole site which took me a long time! Really mad! I am going to have to get a website monitoring service now. Found a few for those that are looking for more security.
      http://www.mcafeesecure.com Twice a month
      http://networkintercept.com/site%20scanning.html Every 4 hours
      http://www.qualys.com/products/trials/ Once a month

    • http://www.gradybros.com/ Ken

      Has the problem been resolved? I currently have take my site down. Was hacked over the weekend and again Monday.

    • Pingback: Website Defacement as a Political Statement – Effective or no? | HumanActive

    • hmcnally

      This is an improvement over yesterday's patronizing boilerplate “probably not our problem” post imploring customers to do the obvious of updating passwords and server-side software. That's useful information that could have been referred to in a link (as you do above), rather than in a condescending “public service announcement” (that's what I presume you meant by a PSA).

      An exact description of the “file inclusion technique,” and a report on NetSol's efforts to locate and have the felons who did this prosecuted would also be appreciated in this blog space.

    • Andy

      This happened to our website three times in two days….not a pleasant site for our customers…
      Please take care of this as soon as possible..

    • Pingback: If You *MUST* Use Micro$oft

    • jpTell

      One of our websites on Network Solutions was hacked. All the files, including image files, were replaced by the hacker's webpage, but kept the same file name. My PC was also affected – my up-to-date McAfee was “broken” and would not run a virus scan (froze as it was scanning) and my keyboard became intermittantly disabled. How do my PC and my website relate that one could affect the other, or is this a coincidence? I had McAfee and Internet Explorer up.

    • bclarke

      This happened to our site's index page only. I have the code if any one needs it as I saved it before I reposted to correct the problem so I could examine it for what may of caused it, I had to redo it a few times but finally it stayed but without our main jpg which finally I was able to restore today by working directly with the site online. I had done all the steps as if it were a real hack – installed virus software on my posting computer, changed all the passwords etc. I emailed Network Solutions but of course have heard nothing back from them but have been finding bits around the web about others also effected and also haven't been able to get answers back.

    • Pingback: Hackers deface hundreds of ISP’s customers’ Web sites | IT-Networks

    • Pingback: A few hundred websites on Network Solutions defaced | Website Security

    • HS

      Seriously considering Godaddy now.

    • Pingback: Hundreds of Network Solutions Sites Hacked | Security news

    • Pingback: Hàng trăm website từ Network Solutions bị hack « Net24h.info

    • Pingback: ©NetSec Güvenlik Bülteni – XX « Elektronik Yayın Arşivi

    • http://www.security-wire.com/ Remove Spyware

      Yes, godaddy and lunarpages are quite stable.

    • http://www.ricohteknoforce.com/ Ricoh Teknoforce

      This is happening in many sites these days. Such problems should be solved in less time as soon as possible because it will make people lose trust on the concerned websites.

    • http://security-wire.com/ Remove Spyware

      Sorry to hear that!