gwj72 – if the intention of the hack was to gain revenue, they would have simply re-directed the payment processing link to their own system.
The rest of the site would have remained operational as normal.
Interestingly, the website design company who did their site – http://www.kjbis.com – has a very broken webpage (not even a site – just 404s for the images).
Although it’s back now (while I’ve been typing this).
Their clients website – http://www.outlandstone.co.uk/ – seems to be having technical issues too…
All three domains' A records point towards the same server – 91.192.192.66 – which indicated it's the server that has been rooted/compromised, not MTB-Direct's website on its own.
KJB Internet Services’ head will be on the block!!
So it looks like it was an insecure + unpatched server which got pwnd.
Further to add to my post…
The IP resolves to Nottingham, and the owner of which is:
inetnum: 91.192.192.0 – 91.192.195.255
netname: COMPUWEB-COMMUNICATIONS
Also known as: http://www.cwcs.co.uk/
Who own a Data Centre in Nottingham, who run dedicated servers.
So my purely theoretical conclusion is: KJB Internet Services rent a dedicated server from CWCS, but don't have sufficient knowledge to secure it properly... hence they've been taken down.
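The reasoning in the comment above (several domains resolving to one address, so one compromised box takes all of them down, and a WHOIS inetnum range tying that address to a hosting provider) is the kind of blast-radius check a defender can script. The following is an added example, not code from the commenter or from any of the companies named; the DNS answers are embedded as constructed sample data using the address and domains quoted in the comment (MTB-Direct's own hostname is not given on the page, so `mtb-direct.example` is a placeholder), plus one constructed control entry on a different address.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: hostnames mapped to the address their A records resolve to.
# In a real check these values would come from your own DNS lookups; they are
# embedded here so the example runs offline.
RESOLVED_A_RECORDS = {
    "mtb-direct.example": "91.192.192.66",     # placeholder: real hostname not on the page
    "www.kjbis.com": "91.192.192.66",
    "www.outlandstone.co.uk": "91.192.192.66",
    "www.example.org": "203.0.113.10",         # constructed control entry, different host
}

# The inetnum line quoted in the comment, in the "start - end" form WHOIS uses.
INETNUM_LINE = "inetnum: 91.192.192.0 - 91.192.195.255"


def parse_inetnum(line):
    """Turn a WHOIS 'inetnum: A - B' line into the list of CIDR networks that
    exactly cover that range (WHOIS ranges need not be a single CIDR block)."""
    _, _, value = line.partition(":")
    start_s, _, end_s = value.partition("-")
    start = ipaddress.ip_address(start_s.strip())
    end = ipaddress.ip_address(end_s.strip())
    return list(ipaddress.summarize_address_range(start, end))


def group_by_server(records):
    """Group hostnames by the address they resolve to. Every name sharing an
    address shares a server, so a root compromise of that server affects them all."""
    groups = defaultdict(list)
    for host, addr in records.items():
        groups[ipaddress.ip_address(addr)].append(host)
    return {str(addr): sorted(hosts) for addr, hosts in groups.items()}


def cohosted_with(records, hostname):
    """Return the other hostnames that share a server with `hostname`."""
    addr = records[hostname]
    return sorted(h for h, a in records.items() if a == addr and h != hostname)


def address_in_allocation(addr, inetnum_line):
    """True if `addr` falls inside the WHOIS allocation described by `inetnum_line`."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in parse_inetnum(inetnum_line))


if __name__ == "__main__":
    for addr, hosts in group_by_server(RESOLVED_A_RECORDS).items():
        print(f"{addr}: {len(hosts)} host(s) -> {', '.join(hosts)}")
    print("co-hosted with www.kjbis.com:", cohosted_with(RESOLVED_A_RECORDS, "www.kjbis.com"))
    print("allocation covers 91.192.192.66:", address_in_allocation("91.192.192.66", INETNUM_LINE))
```

Run as-is it groups the three quoted domains under 91.192.192.66 and confirms that address sits inside the COMPUWEB-COMMUNICATIONS range; the same functions can be fed real resolver output to find out, before an incident, which of your own sites would go down together if one shared server were compromised.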