2008-12-18: If you have a webhosting account at Host-Excellence or IX-Webhosting then you will have received on an email from Fatima Said with the Subject-line "Secure Your Website from Hackers" much like this email from HostExcellence.
Fathi, or rather Fatima, says that after their actions my website is now secure. That is untrue. Roughly one week after the Said email, my .htaccess file was replaced by someone other than me. She says the way this happened was that a virus on my computer collected my FTP-user-name and password from my computer and used that information to upload a file named .htaccess to my website. That is untrue!! My computer runs Linux which is immune to that virus designed for Windows. The only other computer where that password has any business being is theirs. Their FAQ states "we have never been hacked". That is untrue.
Here is what she meant to say:
Dear customer of Host-Excellence/IX-webhosting/etc,
We here at eCommerce have screwed up. Because of our screwup, and through no fault of yours, your website is currently being hijacked and will be continue to be subject to such hijacking until you do the following:
Please note that until you change your FTP-Password your website is NOT secure!!
We are truly sorry about this,
Fathi Said, CEO of Host Excellence
Fatima Said, CCO of Host Excellence
2009-02-18: today another email from HostExcellence indicates they have finally figured out what was obvious to the rest of us two months ago -- that their customers need to change their FTP-passwords.