Even though he removed all injected code, it came back all the time. Also, he couldn't understand how his site(s) got compromised in the first place.
Until he told me what his webhosting service was..... IX Web Hosting.
A quick google search explained a lot....
There's even a blog called "IX Web Hosting Warning" to warn people for this webhosting company.
Quote from their About page:
"IX Web Hosting the incompetant cheap web hosting company was hacked in May of this year, and hackers managed to “seed” the servers, which are now injecting 1000’s of innocent paying customers websites, on a weekly basis. It has gotten so bad, and happened so frequently that even the backups are infected.
This has been going on now for almost 8 months!!… Yes that is correct, 8 months, and IX web hosting has still not fixed this massive security issue.
The worst part of this ordeal, is the fact that IX web hosting knows, and has openly admitted to certain people ( myself being one) that they have a massive issue, they still blame the innocent customers that it is their fault."
In anyway, that may also explain why so many people got infected with Win32:Daonol lately:
"Thousands of IX web Hosting customers are infected with this code, and they do not even know it! The web Page looks normal, but this can be very dangerous, your website will eventually drop from ALL the mayor search engines, and your domain will be flagged as “Dangerous Malware” by all the search engines."
Lesson learned: Avoid IX Web Hosting - Avoid sites being hosted with IX Web Hosting, because you may get infected.
Saturday, January 31, 2009
IX Web Hosting - Reliable?