DomainMonster mash: Hundreds of websites vandalized after Brit web host server hacked

Small biz wakes up to find online homes defaced

Hundreds of websites have been defaced by hackers who hijacked a web-hosting server run by UK domain registrar DomainMonster.

The index.php pages on the attacked sites were rapidly vandalized by miscreants late on Tuesday, with 612 domains and sub-domains overwritten within seconds of each other. The websites hit include DomainMonster's own blog.

The hacked server is at 109.68.38.20; this IP address belongs to Mesh Digital, which is based in Woking, England, and provides various online services to companies and brands. DomainMonster is the trading name of Mesh Digital, and sells domains and web hosting.

A group called the National Hackers Agency claimed to be behind the mass defacements. You can find a mirror of the graffitied DomainMonster blog and all the other trashed sites here – visit at your own risk as it may have nasty JavaScript on the page. All the defaced pages appear to be the same.

[Image: The DomainMonster defacement. Caption: The page that greeted pwned webmasters after Tuesday night hack attack]

The server or servers behind that IP address have been successfully attacked in the past, too, in 2016 and 2015. This week, it appears hacker gang BD Level 7 and NHA had a power struggle over who owns the machine, with the so-called agency winning. The first sites roughed up by the NHA appear to be porno related, and then it seems the attackers scribbled over the index pages for everything else hosted on the box – including sites belonging to small Brit businesses.

If you have anything sensitive stored on that server, such as customer information, consider it compromised. DomainMonster did not respond with comment when poked by El Reg last night. ®

Thanks to Reg reader Mike for the tip-off.
