R o o t s e c u r e . n e t
The Security News Site For Systems Administrators & Hackers Wednesday, 22nd October 2014 @ 05:46:09 GMT 
Reports | 856 NetWeaver sites defaced
{10th May 2003}
Around 856 websites are understood to have been affected after a group going by the name of 'BloodBR' compromised a virtual server belonging to NetWeaver limited, who "provide premium quality independent hosting solutions to small businesses and professional home users" for UK residents.

Sites briefly displayed the message "Blood BR Got Root?", however the only immediately notable defacement was that of leagueconference.com.  This is the second time in as many months that a United Kingdom based web hosting firm has suffered a high profile mass defacement of sites stored on a virtual server.  [BBC News: Hacker causes havoc for websites]

NetWeaver responded promptly to the incident by replacing the index page on all affected sites with the following message:

--- Missing Index File
For the account owner:

Please FTP into your webspace and re-uplolad your index file. (Index.html, index.php, etc). You will need to remove this file first (index.php) before you upload.

NetWeaver sincerely apologises for this inconvenience. All other files are unaffected. We will be emailing shortly with further details.

A similar message was later posted on netweaver.info the NetWeaver status page:

--- Fri, 9th May 2003
Roz users


Some users of roz.netweaver.net may need to reupload your index file. (And no others). You will need to delete our placeholder index file first, then re-upload your old one.

Information on the incident will follow in an email later.

BloodBR accounted for 57.3% of defacements carried out on the 9th of May 2003 (based on figures from Zone-H).