Self-protection when using free hosting, in light of the 000webhost hack

2015-11-04 14:36:00 Source: 免費資源部落 Author: anonymous 167 comments



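The news that 000webhost had been hacked first reached me through a friend's comment on my blog, and my first reaction was disbelief. Then I saw the reports on FreeBuf and v2ex about the 000webhost database dump, and it was basically certain that 000webhost had been hacked. 000webhost has now confirmed the incident on both its FB page and its official website.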

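Any hosting provider can be targeted by hackers, but what shocked me about the 000webhost hack is this: 13.5 million plaintext passwords from 000webhost were leaked. The leaked user information includes usernames, plaintext passwords, email addresses, IP addresses and users' real surnames, which means that anyone who has ever registered an account with 000webhost may have been exposed.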

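A while ago NetEase Mail was reported to have a "problem", and I did not take it to heart at all, because the mailbox I use now is Gmail, and Google's ability to protect data is fairly reassuring. But the 000webhost problem has me very worried, because my site-building journey began with 000webhost.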

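The first article I wrote on this blog was about 000webhost. I was still a student when I built the site and had no spare money for paid hosting, and 000webhost had already made a "name" for itself in the free hosting "circle", so I set this blog up on 000webhost. I registered the account with my usual email address, username and password.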


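The leak of 13.5 million plaintext passwords from 000webhost is very frightening for those of us who have used its hosting. A helpful friend left a comment on my blog saying he felt it was necessary to remind everyone. He is right: many webmasters started out on free hosting. If the email address you now use for your domain and hosting is the same as the one you used at 000webhost, I strongly recommend changing it right away!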


Protecting domain and hosting security: self-protection when using free hosting, in light of the 000webhost hack

I. The 000webhost hack

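1. 000webhost is one of the best-known free hosting providers, and many people have applied for an account there. This blog itself has covered how to apply for and use 000webhost more than once: "Successfully applying for 000webhost free PHP hosting" and "Observations on changes at the veteran free host 000webhost".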

2. 000webhost has now forcibly reset all user passwords and disabled FTP ("As all the passwords have been changed to random values"), and the official website now shows the notice: "We have witnessed a database breach on our main server".


3. Click [Read More] to see the official explanation of the incident.


4. The following is the original English text of the official statement.

What happened? (000webhost hacked)

A hacker used an exploit in an old PHP version, that we were using on 000webhost website, in order to gain access to our systems. Data that has been stolen includes usernames, passwords, email addresses, IP addresses and names.

Although the whole database has been compromised, we are mostly concerned about the 000webhost leaked client information.

What did we do about it?

We have been aware of this issue since 27th of October and our team started to troubleshoot and resolve this issue the same day, immediately after becoming aware of this issue.

In an effort to protect our users we have temporarily blocked access to systems affected by this security flaw. We will re-enable access to the affected systems after an investigation and once all security issues have been resolved. Affected systems include our website and our members area. Additionally we have temporarily blocked FTP access, as FTP passwords have been dumped as well.

We reset all users' passwords in our systems and increased the level of encryption to prevent such issues in the future.

We are still working around the clock to identify and eliminate all security flaws. We will get back to providing the free service soon. We are also updating and patching our systems.

What do you need to do?

As all the passwords have been changed to random values, you now need to reset them when the service goes live again.

DO NOT USE YOUR PREVIOUS PASSWORD.

PLEASE ALSO CHANGE YOUR PASSWORDS IF YOU USED THE SAME PASSWORD FOR OTHER SERVICES.

We also recommend that you use Two Factor Authentication (TFA) and a different password for every service whenever possible. We can recommend the Authy authenticator app and the LastPass password manager.

We are sorry

At 000webhost we are committed to protect user information and our systems. We are sorry and sincerely apologize we didn't manage to live up to that.

At 000webhost our top priority remains the same - to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together.

Our leadership team will closely monitor this issue and will do everything possible to earn your trust every day.

Sincerely,

000webhost CEO,

Arnas Stuopelis

5. 000webhost has now closed new user registration, and it is unknown when registration will reopen.

