Inmotion Hosting Hacked by Tiger-M@te. Users Greeted by Lame Looking “Hacked” Page.

Server Maintenance and Backup

This snippet explains a bit about the tiger-m@te inmotion hack which defaced thousands of people’s websites. Leave comments below.

To see how to fix this problem if you were affected, >click here<.


What happened?

Some hacker(s) decided to take on one of the world’s largest hosting companies, inmotion, and replace everyone’s index.php file with a cute little 1990’s style “Server Hacked!” splash page. It plays a rap song (given your dumb enough to stay on the page long enough for it to automatically download…which I was).

If inmotion gets hacked and 700,000 websites with it (including this humble one I make a living on) , that should say plenty about the internet, no? Its not easy to hack someone like inmotion. I love inmotion by the way. It just shows nobody is immune to getting hijacked in the pirate-infested waters we call the internet.

That being the case, what if a site like facebook gets hacked? Facebook deals purely in information – your information – so no doubt that would cripple society’s identity as a whole. I guess the internet is only as trustworthy as the hackers that run it.


The fix:

Its an easy fix. Just replace your index.php file with your back-up version. Multiple directories were affected, so if you use wordpress, check out folders wp-admin, wp-content, and wp-includes. Replace them with their respective index files from the default install. Also, inmotion hosting is running an automated repair on websites that have done backups in the past, so you may never have to touch it.


the Splash Page

Here is the splash-page I was greeted with. Hackers seem fond of 1990’s style web design (done by teen-age geeks with too much time on their hands).

Inmotion got hit by a little hacker... tiger-m@te

Remember WaRez? Remember the old days of hacking when teenagers used to run shady websites from their bedrooms while their parents were completely ignorant to what their kid was up to? The design of this webpage smacks of that era 1990's. If he was going for the vintage hacker look, I suppose he did well. But for a modern 700,000 webpage defacement notoriety getter?


Related illustrations on Tiger-M@te hacking news:

Hacker Taking over ServersServer Repair TechnicianServer Repair Specialist Reparing Hacked AccountsCustomer Service on Phones Regarding Account Repair

Server TechnicanHacker Looking For Weaknesses in Binary CodeHacker in code


Little Hacker Bot, Scraping Data and Searching for Weaknesses

32 thoughts on “Inmotion Hosting Hacked by Tiger-M@te. Users Greeted by Lame Looking “Hacked” Page.

  1. Hi Leo,
    I just transferred my Hosting about a week ago.
    And this happened.I am only small time too and rely on my Site to supplement my Pension.
    Why don’t these children “Get a Life”
    At least Posting here helps my frustration a little.
    Cheers,
    Tonyg

  2. Thanks for posting this. My site, too, is hosted by Inmotion, and I happened to check it first thing this AM. It was interesting to see your post so promptly after mine went down.

    I know what you mean about FB. I don’t share anything there. But the sad thing is, friends and family of mine post photos and info about me all the time. Kiss privacy goodbye.

  3. This just happened to me this morning, no one at my server (WebHosting Hub) seems to be up or even aware of the problem yet. I have a small vintage/craft blog that recieves very little traffic, it’s just sort of something I do for fun. HOWEVER, I would be really bummed out if the 5 years I’ve put into it was all for nothing now. Were you able to restore your index page or was it gone for good unless you had it saved somewhere else? I’m not sure that I still have my index file backed up anywhere since a recent computer malfunction.

  4. Hi,
    To answer you guys, it appears they over-wrote the index.php files in all the levels of everyone’s web directory. Any file called “index.php” in either the top directory, or in another sub-directory (like wp-admin) was replaced with the hacked-version.
    Its a simple fix…just get your back-up index (if its wordpress, it should be a simple copy/paste from the default install) and upload it.

  5. By the way, *supposedly* the same people pulled a trick on google a while back. Inmotion is an awesome hosting site…I absolutely love it and they’ve been very good to me. I don’t plan to move at all. This could happen to any company (especially the big ones since pranksters foaming at the mouth to target them)

  6. yeah I just replaced mine and it is still there, I’ll try it again, otherwise I am not sure what to do, especially since my host has taken their 24/7 chat offline forsome reason. THEIR main page and everything seems to be working just fine :/

  7. I have two sites on a primary account with inmotion. Thanks for the update above every1.

    To avoid displaying the hack page, i set up a temp. divert in cpanel to divert http://www.sitename.com/ and http://www.sitename.com/index.php to http://www.sitename.com/anything/ as a landing 404 page until inmotion resolve the issue.

    Does anyone know if inmotion will be able to revert to an earlier server backup (via inmotion’s server backup) of server files for all 25,000 sites and how soon? The Inmotion hosting company webpage is fine. There are no posts about this problem on the forum. Let’s hope inmotion hosting sort this problem out fast & soon!

  8. mine is hacked too, i am calling inmotion.com from saudi arabia and everytime gives me busy tone or they play stupid waiting music.the problem is i didnt take any backup for it.

  9. This is the second time InMotion has been hacked in this way. It also happened last year around this time by some Turkish Hacker.

    I’m highly demotivated to work on my site to say the least.

  10. Thanks for posting this. Why is inmotionhosting not answering their phones ?

    Thanks for the fix as im replacing all my index pages. I also rely on my website for a living and had i lost it my life would be ruined.

  11. Thanks
    Also inmotion twitter is useful for latest:
    http://twitter.com/inmotionhosting

    5 mins ago:

    @inmotionhosting:
    ‘If your index.php was modified, they will be restoring it from the most recent backup and no further action is necessary on your part.’

    Hope this helps & we get our sites back up!

  12. Overwriting the index file is only a temporary fix, as the htaccess file has been modified. New folders were created and under each folder (the new and existing ones) this hacker’s index file was dropped in. For it to be resolved, I had to clean up the htaccess file (if applicable) and delete the folders and files that were dropped into my web directory.

  13. I agree Leo. InMotion sent me an email 4 hours after the hack 4am. They did a good job. I am a security researcher, I don’t think it was pranksters. 700,000 websites -that’s big to me. As we hear more about targeted spear fishing attacks this looks like a prank, but maybe an intelligence gathering troll. It did’t get all my sites and I see it happened to a lot of us. Questions I like to answer.
    I am doing research on the Tiger-M@te Attack that hue all of us. If you have anything to share I would love to collect it and report my findings.
    My 2© cents – gatoMalo_at_uscyberlabs_dot_com
    http://USCyberLabs.com/blog/
    http://cyber.uscyberlabs.com
    http://ChinaCyberWarfare.wordpress.com
    http://HacktivistBlog.wordpress.com/

  14. I’d love to hear if it were anything more than a “prank” level hack. To me it just seemed like an elaborate attention getter. Update this page here if you find anything. I’d love to know!

  15. Pingback: Tiger-M@te Hack Project Notes | US Cyber Labs - Blog

Leave a Reply

Your email address will not be published.

*


seven + 3 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>