A LiveJournal blogger, tacit, recently discovered that several iPowerWeb-hosted sites were affected by a malware attack. Visitors to the sites were redirected to malware-installing sites based in eastern Europe.
Several months ago, iPowerWeb was included in StopBadware's report of hosting providers with the most sites in our Badware Clearinghouse. At the time, we reported quick action taken by iPowerWeb to remove the offending code from their systems.
iPowerWeb has confirmed tacit's new report and tells StopBadware that they are working rapidly to scan their systems, remove the offending code, and lock down their systems to prevent further infection. It seems that the attack made use of PHP exploits to allow the attacker to modify the .htaccess file on the virtual servers.
iPowerWeb also noted that they have been in the process for a couple months of migrating users' hosting accounts to a new data center that has better security and tools that make it easier for iPowerWeb to quickly respond to this type of attack in the future. They expect this to be complete sometime in the first part of 2008.