It was a strange chain of random events leading to this post that started the other day when we discussed an iPowerWeb server that was hosting panscient.com on 66.235.217.105, they have since wisely moved, which turned out to be on a shared server with multiple hacked accounts.
Then yesterday someone reported a different hacked account linked from one of my sites to another iPowerWeb server at 66.235.217.108 which appears to also have multiple accounts hacked as well. Then there came a couple of additional reports of hacked accounts with the iframes launcher script and sure enough, they all pointed back to iPowerWeb.
Suddenly there are several reports in just a couple of days so it looks like the problem may be spreading like wildfire, so we looked a little deeper. Not too deep mind you, because there are other things that need to be done, just deep enough to verify it was a real problem.
The following IPs are the result of that brief investigation which have been verified to have multiple accounts all containing the iframes launcher script at the time of this posting:
66.235.217.102There may be more and it's an obvious problem documented all over the net.
66.235.217.105
66.235.217.107
66.235.217.108
66.235.217.112
66.235.217.113
66.235.219.114
66.235.219.116
Apparently, this is not even a new problem because PCWORLD printed an article "Net Watchdog: Hacked Site Causes Headaches" that is almost 7 months old describing the exact same issues with this very same host.
Don't know what their problem is but they still haven't fixed it in many months based on all the reports online and hackers seem to have free reign.
Not good news for anyone hosting there, that's for sure!
1 comment:
"iframe launcher script".... wow what a fancy name for a javascript cloak. Load a link, load a tracking bug, stuff a cookie, or load an exploit... it's all the same iframe abuse.
I'm thinking the modern web is Web 2 dot "oh I didn't know you could do that", just ripe for abuse and exploitation.
-=j
Post a Comment