By Month

Support

Urgent Security Update and Migration for Server ATLAS

  • Saturday, 2nd May, 2026
  • 06:32am

Dear Client,

We are writing to inform you of a critical security event affecting our server Atlas (47.242.69.79). On April 28, 2026, a major vulnerability was disclosed by the cPanel & WHM security team, identified as CVE-2026-41940.

The Technical Issue

The CVE-2026-41940 vulnerability allowed unauthorized attackers to exploit a flaw in the cPanel/WHM management interface. This exploit permitted high-privilege command execution, which attackers have used globally to deploy automated scripts designed to scan filesystems for sensitive data and API credentials.

Our monitoring team identified that the Atlas server was targeted by one of these automated attacks. Because the breach occurred at the system level, we are taking the most aggressive security stance possible to protect your data.

Our Response & Your Data Security

To ensure the absolute integrity of your hosting environment and to remove any potential hidden backdoors left by the attackers, we are performing the following actions:

  • Server Decommissioning: The current Atlas server is being retired immediately.

  • Migration to Clean Infrastructure: All accounts are being moved to a new, hardened, and fully patched environment.

  • Restoration Point: To guarantee your files are untainted, we are restoring all accounts from backups taken 3 days ago. This restoration point predates the security breach, ensuring a "clean slate" for your website.

  • Data Impact: Please note that any files uploaded, emails received, or website changes made between April 28th and today will likely need to be re-applied or re-synced.

Mandatory Security Actions for Clients

Once your migration is complete and your site is live on the new infrastructure, you must perform the following:

  1. Password Resets: Update all passwords for cPanel, FTP, and Databases immediately.

  2. API Key Rotation: If your applications utilize third-party services (such as Stripe, AWS, Binance, or GitHub), you must revoke your current API keys and generate new ones, as we must assume existing keys were exposed during the scan.

We sincerely apologize for the disruption. While this migration is a significant undertaking, it is the only way to ensure your data remains secure following a root-level system compromise.

Sincerely,

Internet Solutions HK team

Back

Support