http://www.ecphosting.com
:(

Looks like it.

Ooo, nasty

Wow I thought that company was smart... I guess they did get hacked and now will have a bad reputation. ECP don't sweat it, it happens. He left a clue about how he got in.......

Those CPanel cgi vulnerabilities are not new. It would appear they don't keep on top of security as tightly as they should...;)

Ouch that why you keep up with security.

i'm suprised they run their own site on a cpanel server.

C'mon guys Cpanel is so pretty and customers love it we have to run it ;)

Does anyone have any contact info on him maybe they could get in touch with him some way as they could be sleeping and have no clue right now what is going on.

cPanel is Eye-Candy.. GO ENSIM!!! As Dale Gribble says "Wing Go!"

I just got in touch with someone at ecp they are working on it now.. thats the one thing I hate about cpanel there are so many third party auto-install scripts installed that you have to watch after all of them which is why i would rather run something a little more simple.. but hey what can you do s&%t happens even to the best of us..

Did the person you get in touch with already know about this problem?

Yes, He said he was on the road and going to take care of it as soon as he got back.

Now a different hacking message showing up. Was it hacked twice by two groups? :(

Well, since the first group told them how they got in, the second group must have done it also. Hmm, its been 5 hours, wonder where they are.

Seem to be back up now!

Thank you all for being so supportive, and for all the help you all provided with letting us know about our site. Really, it has been a help. Although I was away, we had our ground techs anxious to get this resolved, but I personally wanted to handle this. We did receive notice as SOON as this happened from our monitoring agency, but it was very kind to speak with many of you about this, and the incredible kindness everyone who called seemed to have. Thank you, it means a lot to have your support (for the most part).

We also take this situation very seriously and are investigating this matter as we speak.

If you have any information that could hep our investigation, we would gladly accept them here: abuse@ecphosting.net.

Again, thank you. :D

Dear Erik:

Good evening Erik! I hope you will resolve the problem soon!
Is there anything I could do for you at the moment to help you?
If yes, let me know! I will be more than willing to help you!

Looks like some 12-15 yr old hacked your site. You can tell by what the person wrote.

You all have been too kind. I'm really taken back... but even though we have been behind securtiy and making sure every aspect of our server is locked down, we are still far from perfect.

I would also like other web hosts to kindly take a peek at this page to help patch their own pages from a vulnerability we found (not confirmed to be related):

http://www.php.net/release_4_3_1.php

Again, thank you for your kind support! :D Joseph, we could just use any information that could be related to this... even though we have a good idea, it has never hurt to have everything availiable to us.

Originally posted by Mythril
Looks like some 12-15 yr old hacked your site. You can tell by what the person wrote.

We are going to delete these two threads soon... but you may view what our mature guests left us.

http://forums.ecphosting.net/showthread.php?threadid=138

http://forums.ecphosting.net/showthread.php?threadid=135

Well, if he posted on your forums, then you obviously have his IP address...

If he left an IP address, please post it so we can add it to our ever growing list of blocked sites :D

Although vB did not log this IP address (yes, we already looked into that) we did have one IP. Please email us for this at admin@ecphosting.net (as I am not a big fan of posting IP addresses).

It seems you are running CPanel 5.3.0. 6.0.0 is now in the stable tree, so I would advise you update ASAP or disable guestbook.cgi.

The guestbook.cgi script included with CPanel has a rather serious security exploit, this has been corrected 6.0.0 build versions and above.

That sucks. I've emailed and PM with Erik a couple of times. He seems like a good guy and that he tries to do the best for his customers.

I'm sure he wll get it fixed ASAP.

If I can give you a hand Erik let me know.

Thank you all for your feedback and continued support. :D

We have looked into CP6 and will upgrade when a couple important bugs get worked out (otherwise, all tests have been good!). As related to this incident, the guestbook.cgi has nothing to do with this one (but we will be disabling this anyway).. thanks for the tips! :D