Last week one of our client’s who is hosted at Network Solutions had a huge issue with their website. IE had splashed a huge red warning on the page when his URL was entered. The warning stated that the site had been compromised and included automatic downloading malware. Additionally the Kapersky antivirus program blocked all access to the website.
What I found out was, that one, the FTP access to the website had been changed without notice by Network Solutions earlier in the week, the home page of the client’s website and the index.php page of the blog directory (not the blog itself) had a trojan script installed at the bottom. Clearly if a link had been clicked on the page anywhere a trojan would have been downloaded to the unsuspecting visitors computer.
When I spoke with Network Solutions staff about the problem they said that not only our account had been compromised but others as well. For this particular client, this is the third time his site or blog has been hacked in the last year. He is the only client we have hosted at Network Solutions and the only one of two that I know of in our list of clients this past year who have had a serious problem with their web host.
When should you consider moving your website? Well I say being hacked three times is reason to move! I can understand a system being compromised once and maybe even twice but the third time warrants a conversation about why new technology and security policies were not put in place after the last big attack.
What I find particularly interesting is that Network Solutions messaged me on Twitter when I tweeted about the problem and said no, they weren’t hiding, and pointed to a note posted on their website. The note however did not say that their servers had been compromised and trojans installed on websites they host, but rather an innocuous notification that some people may be having trouble FTPing their website.
Although more transparency in this case would definitely lead to a flood of client’s leaving Network Solutions for other web hosts, clearly better customer handling of the situation should have been done. It may behoove Network Solutions to state the new security policies and hardware they are putting in place to offset the amount of bad press this last incident is creating, my own blog post included.