The issue has been fixed and all websites are back up.

We have restored a backup of our files which have restored our websites to the previous state - everything is back up. We are still investigating an issue with Node.js not appearing in DirectAdmin. All of our webapp environments have been reset to production. If you have any beta version webapps that we have published for testing that are dependent on a development environment, they will have bugs. We are working on getting this fixed.

As we purge all files from the attack, websites will be down.

Portal and DangoID recovered.

We have contacted support and our providers have restored some sites.

DangoAPI went down.

DangoID went down.

Someone has gone into our account and placed files everywhere, ultimately taking down all our domains using Node.js. This affects only our main websites, including DangoAPI and DangoID, but not client websites.