The code:
Code: Select all
>
What I know so far:
Doing a Google search for "" and cross-referencing sites via WHOIS, where the script is has been indexed, indicates that every site is hosted on the following Domain Servers:
Name Server: NS1.IPOWER.COM
Name Server: NS2.IPOWER.COM
or
Name Server: NS1.IPOWERDNS.COM
Name Server: NS1.IPOWERWEB.NET
8 out of 8 sites that I cross-referenced came back with one of the above.
Futhermore, there are post showing up in the Joomla! Forums (http://forum.joomla.org/viewtopic.php?f=267&t=621440) as well as on the Wordpress Forums (http://wordpress.org/support/topic/i-di ... range-code) where other users are continuing to experience the same issue.
What does the script do:
To my knowledge, nothing. It comes back with a "Page not found." That is not to say that it won't do anything, it's just not doing anything currently - except causing additional load time by querying to an external URL.
What you should do:
If you have a site, or a client site, that is hosted on an IPOWER server, I would highly recommend that you review your site[s] to ensure their integrity. Furthermore, I would suggest you issue a Support Ticket with IPOWER and continue to monitor your site[s] for changes.
Going through the pain of switching hosting is totally up to you. I am not suggesting or recommending that you stay or move. That will depend on how IPOWER handles the situation. Hopefully they learn from MediaTemple's mistake. Some of you may recall that something similar happen with MediaTemple back in December of 2009 when one of their Grid Servers was compromised. It took them weeks to notify users and months to clean it up!
(http://www.inquisitr.com/47860/the-epic ... e-failure/)
I spent over an hour on the phone with IPOWER support earlier this evening trying to explain to their Support Representative that their servers have been compromised without much success. If that is any indication of how this is going to be handled, I would say we are in for a bumpy ride.
Good luck.