We are currently experiencing an outage on inetsrv9.gahost.com. We also believe a malicious script my have been executed on the server adding adware/trojan scripts to php files. We are investigating this and will provide an update soon.

The server is up at this time.

It appears that a malicious process has appended a spyware/adware downloader to the bottom of all php files on the server. We are in the process of repairing them. A copy of the damaged files will also be in your directory with the extension of .php.bak. These files are there just incase you need to see your code prior to our modifications.

The web server is still down at this time while the script is running to prevent your visitors from downloading the malicious code.

A large portion of files have been repaired. We will be turning the web server back on to allow for sites to be viewed. If your sites are still showing unusual content, you can either wait for it to be repaired to upload a local backup copy you might already have.

AlphaOmegaHosting.Com would like to thank all of our customers for their patience during this trying time. We hope everyone understands that these types of issues do happen from time to time and hope that our actions were satisfactory in resolving the issues and communicating the status.

Almost all of the files are fixed at this time. I would encourage everyone to check their htm, html, php and shtml files to ensure there is no "iframe" code appended to the end.

In addition, one of our users graciously contacted the owner of the site to have the files removed.

We believe the attack used vulnerabilities in cpanel to gain access to the server. While there are no posted vulnerabilites that we had not patched to inside of cpanel, we have upgraded to the latest version available anyway. We will continue to monitor the server and attempt to make any additional tweaks possible to prevent this from happening in the future.