Hackers Hit Network Solutions Customers

Hackers have managed to deface several hundred Web sites hosted by Network Solutions, the company said Tuesday.

In a blog posting, the Internet service provider described the incident as a "limited attack on websites hosted on Network Solutions Unix servers." Several servers were hit and "intruders were able to get through by using a file inclusion technique," the blog post said.

A Network Solutions representative could add little to the blog's description of the attack, but remote file inclusion attacks are a relatively common way of exploiting buggy Web server programming in order to run unauthorized content on the server. "Our preliminary investigation indicates that the source of entry was through a single site," said spokeswoman Susan Wade in an e-mail.

Network Solutions customer Lucina Mastro learned Sunday that someone had crawled the folders on the Web site she maintains and replaced all of the index.html and main.html files with new files claiming that the defacement was "For Palestine."

Mastro, a volunteer Web administrator with St Anne of the Sunset Catholic Church in San Francisco, replaced the files from backup. That seemed to fix the problem, she said.

Harry Brooks was not so lucky. He learned that one of his clients had been hacked with a similar defacement Monday, and restored the site from backup, only to learn that it had been defaced anew on Tuesday, apparently by someone else.

The second defacement made no mention of Palestine, but said simply "Server Is RooT!"

Brooks, president and CEO of Search First Internet Marketing in Gainesville, Virginia, was upset with the defacement. "You can't have 15 simple static HTML pages hosted in a shared hosting environment without some maniac getting in," he said. "Clearly there is a vulnerability in their shared hosting environment otherwise this wouldn't be happening."
