See: http://evuln.com/labs/hackedby/3432/
How to fix: http://dreamdare.org/tips-tricks/how-to-fix-inmotion-hosting-hack-tiger-mate/ (link article author Chris from Dreamdare Production)
Recently defaced: http://evuln.com/tools/malware-scanner/julbru.com/ (see: http://www.dnsbltools.com/julbru.com)
I get a
like: http://www.solarelectricpower.com/index.php-HACKED
On an earlier hack: http://www.webhostinghub.com/support/website/website-troubleshooting/status-of-september-tiger-mte-attack
On earlier fix: http://randombits.workingagenda.com/node/20 (link poster = James Love)

polonus

Massed defacement could have taken place through a root dump of for instance rox.php on vulnerable systems.
Interesting read how to defend against these attacks, see: http://wiki.vpslink.com/Defend_Against_Web_Application_Exploits:_Remote_File_Inclusion_and_Local_Filesystem_Access
(link article by VPSLink Wiki)

polonus

Updated hacked website with placeholder file…
See: http://killmalware.com/usbub.com/#
See: Placeholder file for previously hacked file that contained string HackeD By TiGER-M@TE →
See: http://toolbar.netcraft.com/site_report?url=http://usbub.com
Missed: https://www.virustotal.com/nl/url/4d944f9d7da13f37dd718e9d87026e69b863625e3397d146da797a23ee4552ef/analysis/1451391818/ & http://quttera.com/detailed_report/usbub.com & https://sitecheck.sucuri.net/results/usbub.com#sitecheck-details
Re: http://toolbar.netcraft.com/site_report?url=http://74.124.203.80 & http://toolbar.netcraft.com/site_report?url=http://vps840.inmotionhosting.com
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fvps840.inmotionhosting.com%2Fcgi-sys%2Fdefaultwebpage.cgi
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fusbub.com%2F

pol