FTP Website Hacks - Important Notice
May 17, 2011

There is a computer virus spreading via the internet, which once affecting a computer, is able to use exploits in a combination of several programs to gain access to your FTP usernames and passwords.

Am I vulnerable?
Any computer running insecure and outdated software is vulnerable to security issues. Keeping the software running on your computer up to date and regularly changing your passwords are the best precautions to take.

What should I do if my account was compromised?
We have not been able to verify exactly what combinations of software are a problem, but you will need to make sure your personal computer is up to date for all software and specifically including:
- Adobe Acrobat Reader
- Adobe Flash Player
- Adobe Shockwave
- Any FTP Program including Filezilla FTP and WS_FTP

If your account was compromised, you should check with the vendors of software you're running to see if security patches or any other important updates are avaialble. The following article on our website contains more information regarding keeping your software up to date:
https://support.inmotionhosting.com/cgi-bin/kb.cgi?do=read&id=94

It is also very possible that your software has been updated already and the attempted hack was possible because some time in the past your personal computer had a combination of software that was not secure. At that time, the method the hackers used would find your FTP username and password from your files and send it from your personal computer out to a repository they set up for future use.

One of the more commonly used exploitable programs is Adobe's Acrobat Reader. Adobe has released security advisories on their website, including information on how to update the version you are running to the latest stable and secure release. You can reach Adobe's Security bulletins and advisories webpage via the following link:
http://www.adobe.com/support/security/

You should also immediately reset your cPanel password (which is your FTP password as well) to a secure password that is at least seven characters long, and uses a combination of letters, numbers, and special characters. You can reset your cPanel password within the "Change Password" section of your cPanel.

Are your servers secure?
Yes, our web servers are secure, however anyone with your username and password is able to access your account. If your personal computer has been compromised, your hosting account can become vulnerable as well if your FTP username and password were aquired.

What is InMotion Hosting doing to counteract this?
After seeing an increase in volume of accounts hacked via FTP, InMotion Hosting has deployed a monitoring system that proactively searches for and addresses these third party hack attempts. If we detect an upload of a file containing a known hack, our monitoring system takes several actions, including:
- Block the IP address of the user attempting to modify your files
- Quarantine the modified files and restore them from what we have in our backup system
- Reset your cPanel / FTP password
- Email you a notification
- Document your account so our Support Department can quickly recognize that our system has protected your account

Contact InMotion Hosting

Toll-free: 888-321-4678
International: +1 757-416-6575
Fax: 310-359-0211
support@inmotionhosting.com
Need to update your billing or personal information?
Log into your AMP