An attack on UK web host Daily Internet Services left customers' sites inaccessible late last week, replacing index pages with a cartoon featuring Tux the Penguin - the Linux mascot.
As reported over on Softpedia, the attack - believed to have been carried out on Thursday by Heart_Hunter of the TH3_H4TTAB cracker group - saw all pages named 'index' replaced with a page containing the pro-Linux cartoon.
As many sites rely on an index page to point browsers in the right direction, affected customers found their entire sites inaccessible. Daily Internet Services spotted the defacement attack at 09:52 Thursday morning, and by 21:00 that evening had successfully replaced affected pages with backup copies.
What is slightly more concerning is the news that the company is still investigating the root cause of the attack: while an outdated version of PHP is thought to have been at fault - which has since been rectified - the company is still unsure as to the exact mechanism used to gain unauthorised access to customer sites. Despite this, Daily Internet Services claims that it is "confident there will be no repeat events as all servers are locked down."
While the security hole has hopefully been patched and the affected files restored from backup, the effects of the attack are still being felt by the company's customers: several servers from the web cluster used by Daily Internet Services to provide customer hosting have been removed for investigation, resulting in decreased performance as the remaining systems in the cluster need to serve more requests.
While the scale of the attack - described by the company as only affecting a "small number" of its hosting customers - might not compare to automated malware injection techniques used in the past, it still represents a major blow for those who rely on their website to conduct business - and is likely to have hurt customers' faith in Daily Internet Services.
No private data is thought to have been exposed as a result of the attack.
Are you concerned that Daily Internet Services is still running the cluster without knowing precisely how the attack took place, or is the company's improved implementation of PHP likely to have fixed the problem? Share your thoughts over in the forums.