Webhost hacked – anyone else using webhostinghub?

Yes, mine too.

Looks like Webhostinghub has been hacked.

Interesting choice of music btw

you cam click the download link at top of this page and get the wordpress zip
extract the index.php and upload it to your site via ftp client or host’s file manager

it’s possible it’s only in that file but unlikely

http://codex.wordpress.org/FAQ_My_site_was_hacked

http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

http://ottopress.com/2009/hacked-wordpress-backdoors/

I use Webhostinghub and restored my site(http://www.mamiec.com/blog/ and http://www.mamiec.com/).
As MmeLindor wrote, I rewrited my index.php.

Here is my chat with the support.
—
I do apologize for this, it appears there was a server wide issue where the index file has been replaced in the public_html of accounts. This can be resolved by uploading a new index file to the public_html however we are currently underway on a full account restore of all servers, we do not have an ETA as an investigation is still underway however if you email support@webhostinghub.com we would be contacting you via email as updates become available.
—

Webhostinghubs is a subsidiary of Inmotion hosting and both were hacked this morning at 4:30 EST (I was working on a client site)many other reseller of these companies.

Changing your index file is just step one. You need to re-install WordPress (manual re-install) as the hacker has modified a few files in the core as well. As soon as you get it running, export all your content, database and wp-content directory and wait for the next attack. If in-motion decides to backup everything, you will lose your latest posts and modifications so back up yourself before they get to it.

if you guys want to really get rid of the hack – read my post above

Announcement issued,

—
Dear Customer,

At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced.

We are evaluating how this has occurred and our security team will have more information shortly.

While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwods on a number of accounts. We will honor requests for password resets as they are needed but are attempting to limit the inconvenience to our customers as we’re able. FTP is still operational should you wish to access your files at this time and correct any issues you see yourself. We will be working diligently to make cPanel access available again as soon as possible.

If there is a defacement on your account, please know that our Systems team is working to get your site back online. If your index.php was modified, they will be restoring it from the most recent backup and no further action is necessary on your part. At this time, we do not have a definitive timeframe for resolution, but we will update this page as we gather more information.

We do apologize for this issue, let us know as you have further questions, we’ll be glad to answer them as we’re able. Please understand it will take our security team some time to review this issue before we can have a full explanation available.
—

Same here. All good now 🙂