cPanel Security Incident — Recovery Progress & Live Updates

Hostao has now scheduled another affected master reseller environment for a controlled live migration beginning on 17 May at 4:00 UTC as part of the final recovery programme. The move is intended to improve platform stability without a full outage, and the existing IP allocation is expected to remain unchanged after completion. Hostao currently expects the migration cycle to take around 48 to 72 hours once underway. Customers on that environment should avoid major site or application changes during the migration window, and FTP access may be limited temporarily while data consistency and mailbox sync are protected.

Hostao has returned one of the last extended Hong Kong reseller environments to service after its clean operating-system rebuild and restoration cycle completed successfully. Customers using Hostao nameservers do not need to make any DNS changes. Customers using external DNS providers should temporarily point their domain A records to 64.120.114.206 while traffic continues through the current shared addressing arrangement, and any later account-level IP updates will be issued separately if required.

Hostao has placed one of the last unresolved Hong Kong reseller environments onto a full clean-rebuild path after deeper engineering review found operating-system-level damage on that node. The platform team is replacing the OS drive, retaining the existing IP allocation, and rebuilding the server foundation before controlled restoration resumes. That environment is presently tracking on an extended 48 to 72 hour recovery window, while the wider recovery position across the remaining affected estate is otherwise unchanged.

Hostao has now returned a previously extended Singapore reseller environment to service after its clean rebuild and controlled restoration track completed successfully. The affected platform is back online on its existing IP allocation, so no DNS updates are required for customers on that environment. If any individual website, mailbox, or control-panel path still needs checking after service return, Hostao support can review it case by case while the wider recovery programme continues to narrow.

Hostao had previously moved one of the remaining Singapore reseller environments into a deeper recovery track after post-incident review confirmed operating system corruption on that node. Engineering replaced the OS drive, kept the existing IP allocation in place, and rebuilt the platform on a clean operating system base before staged restoration resumed.

Hostao narrowed recovery attention to a smaller group of remaining environments that were still moving through restoration, migration, IP finalization, or deeper data recovery. At that stage, Nicole remained in operating-system reload and cPanel reinstallation with backup restoration underway, Kylie was already serving sites while the remaining IP change was being closed, Corp1 and USVIP2 were still on heavier recovery tracks, Mint2 had returned on patched service while final allocation work continued, Britz was in the last IP-change step after restore completion, HKVIP1 was being moved toward a replacement environment, and USVIP1 had already completed its reload-and-return cycle. This checkpoint materially reduced the unresolved list even before the later Singapore, Hong Kong, and master reseller updates were issued.

Hostao recovery is now effectively in its closing phase, with most impacted services already restored and only a short exception list still under deeper engineering review. Shared and SEO hosting are back across the estate aside from Tania and Nicole, which remain without a confirmed return window, plus Kylie and Britz, which are presently tracking toward roughly 24-hour and 18-hour completion targets. Reseller websites are restored across the affected footprint apart from USVIP2, Corp1, Mint2, and HKVIP1, which remain without a firm ETA, and Budget1, which is currently tracking toward roughly 24 hours. VPS recovery is holding near 95%, Baremetal dedicated systems near 98%, and Smart Cloud near 97%. cPanel access on affected systems remains deliberately restricted while protected backup completion and final security validation are carried through before wider control-panel access resumes.

Hostao recovery is now in its closing phase, with customer-facing services restored across nearly the full affected estate. Shared and SEO hosting are fully back apart from four remaining environments still under specialist recovery review, while reseller websites are online across almost the full footprint with five environments still pending final clearance. VPS recovery has advanced to roughly 95%, Baremetal dedicated systems are around 98%, and Smart Cloud platforms are near 97%. cPanel access on affected systems remains deliberately paused while final protected backups and security validation are completed before access is reopened.

Hostao recovery has moved into its final stretch. Shared and SEO hosting are now at effectively full restoration with only four remaining environments still being cleared, and reseller websites are back across almost the entire affected estate with six environments still pending final return. VPS recovery is holding near 80%, Baremetal dedicated systems are around 95%, and Smart Cloud recovery remains near 80%. As a continued security safeguard, cPanel access stays intentionally restricted on affected systems until the permanent platform-level fix is released and fully validated.

Hostao has completed another incident review pass and the public recovery position is now materially clearer. The latest checkpoint still shows the majority of affected services either restored or under final validation, while a smaller set of deeper-impact environments remains on a controlled repair track. Shared and SEO services continue around the 60% restoration range, USA reseller recovery remains close to 95%, other reseller regions remain around 85%, VPS recovery is near 70%, Baremetal dedicated systems remain around 90%, and Smart Cloud recovery is around 80%. Public Hostao pages are reachable, but some customer control-panel access on previously affected systems may remain restricted until final security clearance is completed.

Hostao has received a stronger recovery signal this morning. Most impacted environments are now either restored or in the final stretch of patch validation, with only a limited subset still requiring deeper repair work before they can be cleared for return to service. Current restoration checkpoints indicate Shared and SEO platforms are roughly 60% back online, USA reseller capacity is near 95% restored, reseller environments in other regions are around 85% online, VPS recovery is near 70%, Baremetal dedicated systems are around 90%, and Smart Cloud recovery has reached about 80%. Alternate control panel services remain fully available and outside this incident scope.

Recovery advanced materially through the prior checkpoint, with most affected environments moving through patching, hardening, and staged reactivation. At that stage, Shared and SEO services were about 50% online, USA reseller recovery had reached roughly 90%, reseller platforms in other regions were near 60%, VPS services were around 65%, Baremetal dedicated systems were near 70%, and Smart Cloud platforms were about 60% restored. Systems on alternate control panel infrastructure remained outside the affected scope.

Recovery moved into a broader restoration phase, with about half of the affected SEO estate brought back and roughly 30% of impacted Baremetal and Smart Cloud systems completing recovery. Remaining systems continued through controlled rebuild and security review before broader access could resume.

An additional kernel-level security review is being applied across relevant systems as part of the recovery track. Systems that were already brought back online are also being rechecked against the latest hardening requirements. No customer action is required, but these extra safeguards may slightly extend the overall restoration timeline.

Recovery continued to expand across the affected estate, with about 40% of impacted servers restored and a large portion of USA reseller capacity returned. On recovered systems, websites and email may already be available, while cPanel and webmail remain temporarily restricted until the final security clearance is completed.

Early restoration milestones were achieved across the affected platform, including a meaningful portion of reseller environments. At that stage, systems were still moving through patching, hardening, and service validation before normal access could resume.

Rebuild and patch work continued through the night. Affected environments are being reloaded, upgraded, and fully checked before being returned to production use.

The first recovery wave began after containment was completed. Isolated systems moved into verification and staged restoration.

As a safety measure, affected cPanel-related services were temporarily taken offline while the incident was being contained and reviewed.

Hostao activated incident response procedures immediately after identifying a serious cPanel security event that required containment, review, and controlled recovery planning.