Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 21st, 2010

Hundreds Of Websites Hosted At Network Solutions Defaced

Network Solutions announced that several hundred websites hosted on its infrastructure fell victim in a mass defacement attack during the past several days. Preliminary findings suggest that a remote file inclusion technique was used to compromise several of the company’s Unix servers.

Network Solutions is one of the top five Internet domain name registrars, managing around 6,5 million domains as of January 2009. Apart from its successful domain registration business, the company also offers other services such as Web hosting, ecommerce or online marketing solutions.

The problems began for Network Solutions last weekend when several customers reported their websites being defaced by hacktivists. Most of the attacked websites had anti-Israel messages posted on their home page and displayed violent images.

At first, the Internet firm thought a vulnerability in a Web application shared by these websites might be the culprit. “We are running a scan to see if we can proactively determine if any hosting accounts are impacted. Proponents of malware and hacking commonly look for websites with vulnerabilities. These include weak passwords, third party applications that aren’t up to date or sometimes weakness could emanate from lack of updated anti-virus software on PCs,” Shashi Bellamkonda, the company’s director for social/new media strategy, wrote on Sunday.

However, it appears that these attacks were made possible by the configuration of the hosting servers themselves, which opened a remote file inclusion (RFI) weakness. Such vulnerabilities stem from improper validation of values being passed to the $_GET of $_POST variables under certain PHP configurations.

“Hackers were able to add a file displaying illegitimate content on top of the customer website content. This was an issue on multiple servers and unknown intruders were able to get through by using a file inclusion technique. There was no danger to any personally identifiable or secure information,” Mr. Bellamkonda announced yesterday in an update on the company’s blog.

Network Solutions is working with affected customers to restore their websites and is closely monitoring the threat. It has yet to decide if the best course of action is to make permanent changes to the configuration of its servers, a decision that might affect the functionality of existent websites.

Credit: News

Share this item with others:

More on CyberInsecure:
  • US Treasury Department Websites Infect Visitors With Malware
  • Unknown Attack Compromised Hundreds Of WordPress Websites
  • Network Solutions Customers Websites Compromised, Again
  • Network Solutions Breached, More Than 500,000 Credit And Debit Cards Exposed
  • US Congressional Websites Hit By Mass Defacement Attack

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Hundreds Of Websites Hosted At Network Solutions Defaced

    One Response to “Hundreds Of Websites Hosted At Network Solutions Defaced”

    1. Shashi Bellamkonda Says:
      January 21st, 2010 at 8:43 pm

      I am Shashi Bellamkonda, the Social Media Swami at Network Solutions. We are doing our best to address the defacement issue. I want to share with you and your readers that we’ve made some web server changes and compiled information about the changes in this post: If you have any questions please, contact [email protected]. Thanks! – Shashi

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.