We have monitored the server and no new activity has been noticed.
If you are still seeing any such issues, please raise a ticket to the support team.
We have not received any new password change notifications or multiple hits from a Pakistani IP address in this time frame.
We will continue monitoring the servers for some more time.
What is it about?
We are seeing WHM password changes happening from Pakistani IP addresses on the mentioned servers.
Who is affected?
As per the primary investigations, it is not a root-level hack, and customers who were using weak passwords got compromised.
What needs to be done on the server to fix this?
We have blocked the IP addresses that were trying to hit the password API to change the passwords and gain access to data, and we are continuing to do that. However, please make sure to change the passwords for WHM as well as cPanel accounts to strong ones, so that we can reduce the chances of the hacker hitting domains with weaker passwords.
Affected Services
Affected Servers