According to security researcher Brian Krebs, during four months of last year, a client of Hostmonster.com, the Utah-based hosting provider, exploited a bug in CPanel, a site administration tool used by Hostmonster and a number of other hosting providers.
Krebs quotes Danny Ashworth, the co-founder of Bluehost.com, a parent company to Hostmonster, as saying that a customer used the vulnerability to create almost four dozen subdomains on a number of other sites at the hosting facility.
The subdomains, he says, were linked to dozens of pages created to hijack the sites' search engine rankings, and to redirect visitors to fly-by-night online stores selling prescription drugs without a prescription.
The bogus domains, Ashworth told Krebs, were created between April and July of last year, but were live until the firm was contacted by a reporter last week.
"We added and altered some security measures in July for another issue that we found which also fixed the CPanel bug that allowed this exploit to take place, [and] although it did not allow additional records to be created/altered, it did not remove the entries that existed", said Ashworth in an email interview.
Krebs reports that this kind of search engine subversion is quite common, and often goes undetected for months by site owners.
"Experts say those responsible tend to pick on .edu, .gov and .mil domains because those domains are typically given more authority by search engines", he said in a weekend security blog posting.
"This attack shows that Webmaster and Web hosting companies alike need to remain vigilant about keeping software up-to-date and keeping an eye out for unauthorised content", he added.