Small biz wakes up to find online homes defaced.
Hundreds of websites have been defaced by hackers who hijacked a web-hosting server run by UK domain registrar DomainMonster.
The index.php pages on the attacked sites were rapidly vandalized by miscreants late on Tuesday, with 612 domains and sub-domains overwritten within seconds of each other. The websites hit include DomainMonster’s own blog.
The hacked server is at 18.104.22.168; this IP address belongs to Mesh Digital, which is based in Woking, England, and provides various online services to companies and brands. DomainMonster is the trading name of Mesh Digital, and sells domains and web hosting.
The server or servers behind that IP address have been successfully attacked in the past, too, in 2016 and 2015. This week, it appears hacker gang BD Level 7 and NHA had a power struggle over who owns the machine, with the so-called agency winning. The first sites roughed up by the NHA appear to be porno related, and then it seems the attackers scribbled over the index pages for everything else hosted on the box – including sites belonging to small Brit businesses.
If you have anything sensitive stored on that server, such as customer information, consider it compromised. DomainMonster did not respond with comment when poked by El Reg last night.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.