Announcement : UK Direct Admin server issue

If you are having issues accessing your site from any server, please open a support ticket so we can check on it. Please include the domain(s) affected as well.


Server affected : darwin.dnshostnetwork.com / UK Direct Admin 1


Our upstream provider, HostMedia, has provided these updates:


INCIDENT


We are investigating a possible widespread attack on the Darwin server that has replaced /home directories with an index.html file with a Russian redirect page.

It is recommended to update your password using this guide : https://hostkoala.com/clients/plugin/support_manager/knowledgebase/view/153/changing-password-of-my-hosting-account/16/


Currently we are running full scans of the server and at present no security alerts have been found. We have started our standard security processes, which include resetting passwords and scanning our services. We will update this status report as soon as we can with further details.


UPDATE 1: The impact seems to be related only to website files in some users' domain public_html folder; all emails / databases etc. are not affected.


Our team are working through available backup restores on affected accounts but to speed this process up, we ask all affected customers to upload their own backed up copies of their website files. Databases are running normally as well as email services.


UPDATE 2: Restores are ongoing. Please note this will take some time and, as always, we can't 100% guarantee the stability of the backups, so as mentioned to all customers, as everyone should have copies of their files stored off-site, it may be faster to upload your website files to your account to avoid delays as our restore is processing. Thank you for your patience and support during this time.


UPDATE 3: Quick update that we are continuing to restore accounts. Sadly the restore is a little slow, but our team are working through them as quickly as possible. Unless we have any new details to share, we won't be posting any new updates here - we continue to work through the restores.


UPDATE 4: Our team continue to restore websites affected by this incident. If your website is still facing issues, please feel free to open a support ticket so we can individually keep you updated. Please note, restores are taking longer than normal; this is due to bad timing on upgrades to our backup storage, which required many servers running syncs, which adds extra load to the servers and can't be halted without causing possible issues with data.


UPDATE 5: We have been noticing some backup restores from the Darwin server are failing, which we are investigating. We have already confirmed this is isolated to the Darwin instance; all other server backups are looking good. We would ask once again for all customers to upload their website files (databases etc. are all active) from your local computer/storage onto your accounts to speed up recovery of your website while we continue to work through restores on sites still showing as impacted by this issue.


UPDATE 6: We have restored the majority of backups that contained stable copies of users' file structures. We will be emailing all customers to check their accounts and, if required, upload their web root files to their accounts to ensure the latest file data is there. Again, only website files are impacted; all databases, emails, settings were either restored or not impacted.


UPDATE 7: We continue to investigate the root cause of the attack and the degraded backup instances with the support of the JetBackup team. We continue to ask all clients still impacted to ensure they upload their website files into their public_html directories and those that have had accounts restored to make sure they hold a backup locally. Even with the best backup systems, sometimes they can fail, and it is a requirement of all customers to hold a backup locally when using our service, but recommended for everyone no matter who the provider is.