Sharkspace hacked - Users be aware

Sharkspace claims quite boldly on its website:

"Security is Key
SharkSpace takes security very seriously. We deploy several advanced features to help prevent website hacking. They include a complex security system to block hundreds of website hacking and defacing techniques that are used to compromise outdated scripts while not affecting normal website operation. Additionally SharkSpace deploys mod_security with rule set, firewalls, suPHP (which allows you to use the permissions 644 and 755 as writable instead of the dangerous permissions of 666 and 777) and brute force protection."

- This is clearly not the case, as the following will demonstrate.

Recently, I made the technical adminstrators at Sharkpsace aware of the fact that a mass attack on the shared server 67.23.185.3 had taken place whereby an intruder was able to place an html file within at least 130 accounts, cf. here for details:

w w w.zone-h. o r g/archive/ip=67.23.185.3

The response from Sharkspace to my detailed inquiry was short: "We cannot find anything on the server that would cause anything like this." Obviously the security team at Sharkspace are either incapable or do NOT "take securtiy very seriously", as they appear to be blissfully unaware that the Apache (acc. to Cpanel running version 2.2.16 / relased 25 July 2010 ) and the PHP (acc. to Cpanel running version 5.2.14 / released 22 July 2010) they are running on said server are both almost 1 year out of date and have both been revised several times whereby the aforementioned secrutiy holes have been closed by the revision.

As Sharkspace refuses to inform its customers of this security hole and is obviously not prepared to update its servers' software, I have taken this task upon myself and recommend you urge Sharkspace to respond to this issue or to run for the hills!

In my view this inabilty of Sharkspace to live up to its main responsibility of keeping its users' content secure (by keeping its servers software up-to-date) constitutes a serious violation of its duties under the contracts with its users. Providing webhosting is not a game.

That I struck a saw point with Sharkspace was best illustrated by the removal of the above post from their support forum within minutes. Some call it censorship.