InMotion Servers Hacked!

by The Happy Housewife on September 25, 2011

A big thanks to Mitchell from My Frugal Tech who got my personal site hosted by InMotion up and running this morning and provided the secure WordPress tips below. 

If your blog is hosted by InMotion you probably woke up to an inbox full of emails letting you know your site had been hacked.

spacer

According to InMotion the hack affected the homepage of websites hosted on InMotion. They claim all the files are still there.

InMotion has disabled things on the backend which is why most people still cannot access their c-panels or dashboards.

It is nearly impossible to get through to InMotion, but one website owner who did get through (after 1.5 hours on hold) was told that the hack is all on their end (InMotion) and they will take care of everything. They said it is mass server hack that has replaced the index file in the public_html of several accounts.

InMotion has a statement regarding the hack on their website.

According to several people on Twitter in order to get your site up and running you’ll need to

Replace the index.php in your www or public_html file with the original

Of course you’ll need access to your c-panel to be able to replace the file and currently not everyone has access to their c-panel.

This post by I Love Free Software has more details on the hack and how to get your site up and running but you’ll need to read the comments for the best information.

Here are just a few things you can do to help secure your site.

  • Change your passwords on your c-panel and website once you have access. The c-panel password was probably compromised and it doesn’t hurt to change your website password as well.
  • Backup your site on a daily basis. Use the WordPress DataBase Plugin to backup your database on a daily or weekly basis depending on how often you update your site.
  • Use WordPress Security Scan Plugin.
  • Use Website Defender.

If your blog is your business a hack like this can mean lost revenue and readership! While you can’t do anything to prevent a hack on your hosting company you can take steps to protect your own website from being hacked.

Has your site been affected by the hack? What steps have you taken to secure your website?

P.S. It’s easy to switch hosts to a host like HostGator, if you are fed up and ready to move.

{ 4 comments… read them below or add one }

spacer Dana September 25, 2011 at 12:11 pm

you can EASILY fix this via FTP. I don’t know anyone who uses cPanel to update their website anyways.. and if so, why are you doing that? The fix is easy, even though this inconvenience is huge. In WordPress, you will need to replace 3 index.php files since it looks like they got them all. The one in the mail public_html folder, the one in the wp-content folder, and the one in the wp-admin folder. If you don’t have these files saved on your computer, head on over to wordpress.org and download the latest version. Then just copy those index.php files over to your site via FTP. i just had my 30 sites hosted at InMotion fixed within 5 minutes. I’m sure InMotion is swamped with calls right now so take it into your own hands and stop bothering them… they are working on it obviously.

[Reply]

spacer Jake September 25, 2011 at 4:49 pm

I was also affected by this and was looking for some solutions…

I found one site that said to delete your wp-includes and wp-admin directories and replace those with the fresh WP ones…

So I got the wp-includes deleted and replaced via FTP but it won’t let me upload the wp-admin folder?…

I get critical error when trying to upload it…

Any ideas?…

[Reply]

spacer Alison September 25, 2011 at 8:52 pm

I wouldn’t recommend hostgator to people who are actually getting decent traffic. Their VPS and dedicated servers aren’t as good as inMotion.

[Reply]

spacer Brian September 26, 2011 at 12:54 am

We use InMotion for some of our clients and this hack affected all of their account. However, I think InMotion did a very good job of quickly acknowledging the issue to admins, devising a fix, and implementing it.

I have not witnessed a single widely-used hosting company that has not been hacked at some point. Nevertheless, the scale of this hack was enormous, and I will be looking to InMotion for concrete assurances that the core vulnerability that allowed this hack to occur has been patched before I continue to send them our business.

[Reply]

Leave a Comment

Previous post: Social Media and Blogging Weekly Round-up {09.24.11}

Next post: How to See What is Being “Pinned” from Your Website

gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.