A hacker called “Dhostpwned” was able to register a shared hosting account on the dark web hosting service and managed it to upload two shells on the web servers, the first one is written in PHP and the other one is written in Perl.
The company investigated the hack and said that the attacker was not able to execute the Perl shell, but the PHP shell has been executed and worked just fine.
“An attacker subscribes to a shared hosting. It uploads two files that are a PHP shell and a Perl shell. The Perl shell can not be executed on the server, but the PHP shell can be executed on the server. A large part of the PHP shell is unusable since a certain number of functions are blocked on the shared servers but one function was not blocked. The attacker was able to access the server and execute a commands with limited rights.”
it took an entire day from the hosting company to recognize what really occurred, identify the point of the hack, and change FTP and database password for all clients.
“Dhostpwned has not dumped any data from Deep Hosting or its clients, and said he doesn’t plan to.”