[Elik]

Greetings,

First of all, not all accounts are hacked, but quite a few, and from the looks of it, it was done by one person managing to trick one tech to setup the free account with shell account which in turn, he exploited the server by the kernel security hole in the server. However, it happened just few days after the information of the security exploit was released to the public and I didn't have a chance to update the server with it, since I was busy updating the main production servers first, and this server is last in line.

The account in question have been terminated and removed and all other accounts that managed to get shell got terminated and removed as well. So for the rest of the people who have accounts, they have to re-upload their files to replace those index pages to have it back to normal. Everything else is pretty much secure, since he targeted the pure-ftpd and hijacked it to make those changes on the server.