The hack took place on Saturday afternoon and was carried out by a hacker calling himself Dhostpwned, the name he used when he spoke with Bleeping Computer earlier today.
Hacker used PHP shell to take over hosting provider.
According to a wiki page published by the Deep Hosting team, the hack took place after the hacker registered a shared hosting account on their service, and used it to upload two shells on their servers, one written in PHP and one in Perl.
Deep Hosting investigation into the events that preceded the hack showed that the attacker was not able to execute the Perl shell, but the PHP version worked just fine.
According to a timeline of their investigation — embedded below — it took the Deep Hosting almost a full day to understand what really happened, detect the point of intrusion, and change FTP and SQL password for all user accounts.
