The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.
OpenSSL’s hosting provider is IndIT Hosting, so this may slightly tarnish the hosting company’s image. No vulnerability was exploited in the attack, but I’m sure that IndIT Hosting will improve their practices for choosing passwords.
Here is what the homepage looked like after the hack: