Dear Customers,
We have disabled remote FTP access on all servers. Recently all our servers were targeted by a server based in Gnax datacenter ( US based ) and index page of certain
website hostings who had weak FTP password were injected.
We have executed mass replacement scripts which have removed those injection but we cannot open FTP port unless cpanel finds a solution on this problem. those who need FTP access should request support team to add their IP address in allowed list for FTP access for respective username.
If you still see the injected code in your files then there's no need to panic. remove it using file manager in your control panel or request our support team to do so. I will post link to a form which should be used to request FTP access.
There's a long discussion going on cpanel forum regarding this injections but there has been no solution so far. this injection has occurred due to vulnerability in pure-ftp service and nothing else could be done besides injection of iframe code.
There's a long thread running on cpanel forum :-
http://forums.cpanel.net/showthread.php?t=62821&page=11
so far no solution. We will need to keep global FTP access disabled till cpanel replies with a solution.
All customers are request to choose a complicated FTP password of at least 10 characters. You can reset your password from control panel.