Hacked

hara / 2010-02-26 18:59:09   

Hey,

My wife's site got hacked. Now I wonder, is this an indexhibit-hack or the host?

HaCkeD By: (( AtoM & D4nnY ))
GreetZ To : All Muslim & Albanian Hackers

"Kosova Elite Hackers"

uname -a: Linux cummiskey 2.6.31.5-modsign-aufs2-grsec-xeon #1 SMP Fri Nov 20 20:08:17 UTC 2009
uid=1072098(confer) gid=267641(pg984192) groups=267641(pg984192)
Safe-mode: OFF (not secure)

Thanks!

arsondpi / 2010-02-26 19:03:50   

...errr - did you tell your host? What was his response? Can you post an address?

hara / 2010-02-26 19:06:03   

Oh, here is the address:

http://www.missblaze.com

It's on dreamhost. I haven't spoken to them yet, she discovered the issue 10 minutes ago. I asked her to change her password on the domain and (just in case) her email password as well.

I will contact the host as soon as possible.

arsondpi / 2010-02-26 19:11:58   

index.php doesn't exist in the root directory.
Instead there's an index.htm page with all the hackery crap in it.
I personally believe it's a server thing, but I ain't no tech wiz.

hara / 2010-02-26 19:29:08   

Yeah, the ndxz-studio database is still there. Apparently they "just" replaced the index.php with their index.htm. Now the question is if this is possible through a problem with indexhibit or the host...

hara / 2010-02-26 19:39:13   

Little update:

Dreamhost says this is most probably related to a 3rd party software running on the server. I assume this must have been an exploit in indexhibit (I am running Joomla 1.5 on that server as well, but it was not affected).

I will go with her through the files for any possible "problematic" ones and then we will try to rebuild her index.php.

This thread has been closed, thank you.