Ticket Number: 1058497PLNT
Ticket Type: Technical Support
Server: N/A
Status: CLOSED
Opened By: Tech Support
Summary: Multiple Defaced Websites: 70.86.136.178
Last Updated: 01/19/2006 00:02:10
Details:
Customer,
It has been brought to our attention that your server 70.86.136.178 may be hosting a website that has been defaced.
The possibly defaced websites are:
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://aaroniscool.be/~rooting/hacked/index.php 3239345
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://amescua.be/~rooting/hacked/index.php 3239343
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://bwforums.net/~rooting/hacked/index.php 3239346
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://campeaureunion.com/~rooting/hacked/index.php 3239356
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://coolkat.x10hosting.com/~rooting/hacked/index.php 3239335
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://crak-hed.com/~rooting/hacked/index.php 3239341
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://crystal.x10hosting.com/~rooting/hacked/index.php 3239329
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://digital.exofire.net/~rooting/hacked/index.php 3239339
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://digital.pcriot.com/~rooting/hacked/index.php 3239340
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://donald.x10hosting.com/~rooting/hacked/index.php 3239362
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://dosworld.info/~rooting/hacked/index.php 3239342
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://emmaw-central.net/~rooting/hacked/index.php 3239347
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://giaidieuloves.be/~rooting/hacked/index.php 3239355
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://haqrpg.pcriot.com/~rooting/hacked/index.php 3239357
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://j4ltech.org/~rooting/hacked/index.php 3239358
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://joostis.x10hosting.com/~rooting/hacked/index.php 3239334
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://kenrocks.x10hosting.com/~rooting/hacked/index.php 3239364
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://motb.net/~rooting/hacked/index.php 3239359
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://prowl.be/~rooting/hacked/index.php 3239336
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://reaperprojects.com/~rooting/hacked/index.php 3239332
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://ryctu.x10hosting.com/~rooting/hacked/index.php 3239328
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://sauly.be/~rooting/hacked/index.php 3239344
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://sdginger.net.ru/~rooting/hacked/index.php 3239331
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://soldatmaps.net/~rooting/hacked/index.php 3239330
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://students.x10hosting.com/~rooting/hacked/index.php 3239363
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://sweetschizo.net/~rooting/hacked/index.php 3239360
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://tehlikeliarsiv.x10hosting.com/~rooting/hacked/index.php 3239361
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://the-source.info/~rooting/hacked/index.php 3239348
> 70.86.136.178 | 2006-01-13 17:42:00
>
http://theclan.x10hosting.com/~rooting/hacked/index.php 3239327
The web pages on the account may be vulnerable to Cross Site Scripting. Some pages may have a vulnerability that allows a malicious person to take advantage of a vulnerable page and subsequently download and run malicious programs on your server.
We highly suggest you investigate your server for possible compromise and ensure that the user has all of their PHP scripts updated to the latest version. If you need assistance with this, please feel free to update the ticket and we will do what we can to assist you.
Please keep in mind this is merely a courtesy ticket to alert you of this and we apologize if you are already aware of this issue.
Thank you!