(WEB HOST INDUSTRY REVIEW) — As many as 100,000 websites were deleted Sunday evening after hackers exploited a vulnerability found in UK web hosting provider Vaserv’s (www.vaserv.com) system, according to an exclusive report by The Register.
A visit to the web host’s site shows a lengthy index log of updates from the technicians as they work to recover the lost data.
On Sunday evening, unknown hackers managed to breach the web host’s system by exploiting a vulnerability in a virtualization application.
The company says it was attacked by zero-day exploit in version 2.0.7992 of the LXLabs-developd HyperVM.
Vaserv director Rus Foster says he has already heard from others that they too have been hit with the same exploit.
According to The Register report, no one at the Bangalore-based LXLabs was able to be reached for comment on the exploit.
The report also points out that it is still unclear if other web hosts that are using the HyperVM application have been hit with a similar attack.
Foster says that all the information contained on about half of the company’s hosted websites was instantly wiped sometime on Sunday evening following the attack.
The attackers managed to gain control of the web host’s system where it was able to perform Unix commands, including “rm -rf,” which prompts a recursive delete of all files.
About half of the affected customers lost all their data since they opted for Vaserv’s unmanaged service, which fails to include data backup.
Foster says he is not entirely sure if the affected customers will ever be able to retrieve their lost data.
So far, not much is is known about the attackers. Foster says the perpetrators likely used a SQL injection attack to breach Vaserv’s central management system, and subsequently deleted key binaries and data for about half of all the user data hosted by the web host.
No related posts.
