It was a strange chain of random events leading to this post that started the other day when we discussed an iPowerWeb server that was hosting panscient.com on 18.104.22.168, they have since wisely moved, which turned out to be on a shared server with multiple hacked accounts.
Then yesterday someone reported a different hacked account linked from one of my sites to another iPowerWeb server at 22.214.171.124 which appears to also have multiple accounts hacked as well. Then there came a couple of additional reports of hacked accounts with the iframes launcher script and sure enough, they all pointed back to iPowerWeb.
Suddenly there are several reports in just a couple of days so it looks like the problem may be spreading like wildfire, so we looked a little deeper. Not too deep mind you, because there are other things that need to be done, just deep enough to verify it was a real problem.
The following IPs are the result of that brief investigation which have been verified to have multiple accounts all containing the iframes launcher script at the time of this posting:
126.96.36.199There may be more and it's an obvious problem documented all over the net.
Apparently, this is not even a new problem because PCWORLD printed an article "Net Watchdog: Hacked Site Causes Headaches" that is almost 7 months old describing the exact same issues with this very same host.
Don't know what their problem is but they still haven't fixed it in many months based on all the reports online and hackers seem to have free reign.
Not good news for anyone hosting there, that's for sure!