
Read this if your WP blogs are hosted on GoDaddy

Discussion in 'Blogging' started by gregstereo, Apr 26, 2010.


    Hi guys,
    Sid here. I want to warn you guys about a massive exploit that has hit a large number of GoDaddy-hosted WordPress blogs this weekend.
    This hack appears to redirect visitors upon arrival from Google and attempts to install malware on their computers. When I was visiting the site directly, whether logged in or as an Admin, even if I could see the malicious script in my view-source window I did not have any issues and it did not redirect me. This means your site could be hacked and infected and you may be unaware.
    I noticed a couple key giveaways:

    • In view source, you will see <script src="http://cechirecom.com/js.php"> located just above the </body> tag on all .php files. If you view source and see this, that's cause for alarm.
    • When logged in, you'll have a screwed up WordPress dashboard. Basically it looks like it is messing up the loading of some CSS in the WordPress Admin area, causing everything to look like the image below:

    When arriving from Google, a hacked website will redirect to http://www2.burnvirusnow34.xorg.pl/
    The good news is this attack appears to be based only on your actual files - not your database. That's relatively easy to clean up. In GoDaddy you should be able to revert to an old version of your files (Go to April 23rd or before and you should be fine).
    The bad news is we don't know at this point how the hackers are gaining access.
    So far, here's what I've found out about GoDaddy's stance, from another blog that's also covering this issue:
    "Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. However, if a virus is detected, you will be notified. The overall security of your password and the content within your account is your responsibility, as password compromises and compromises due to scripting can only be prevented by you."
    Please forward this post to your friends, and help us get the word out. It looks like this has compromised a large number of blogs, and especially since it happened over the weekend, there's a good chance many bloggers haven't noticed it.
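
A file-side check for the giveaway described in the post, as an added example that is not part of the original post: it walks a downloaded copy of the site's files and reports every .php file that carries an off-site script tag directly above </body>. The function names, the allow-list host example-blog.test and the two sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# A <script src=...> tag (any quoting) followed only by whitespace and </body>.
TRAILING_SCRIPT = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)[\"']?[^>]*>"
    r"\s*(?:</script>)?\s*</body>",
    re.IGNORECASE,
)

def suspicious_src(text, allowed_hosts):
    """Return the src of an off-site script sitting right above </body>, else None."""
    match = TRAILING_SCRIPT.search(text)
    if not match:
        return None
    host = urlparse(match.group(1)).hostname
    # Relative URLs have no hostname: they are served by the site itself.
    if host is None or host.lower() in allowed_hosts:
        return None
    return match.group(1)

def scan_tree(root, allowed_hosts):
    """Map each flagged .php file (path relative to root) to the injected src."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        src = suspicious_src(path.read_text(errors="replace"), allowed_hosts)
        if src:
            findings[path.relative_to(root).as_posix()] = src
    return findings

def demo():
    """Scan a constructed sample tree: one clean file, one with the injected tag."""
    clean = ("<html><body><?php the_content(); ?>\n"
             "<script src='/wp-includes/js/x.js'></script>\n</body></html>")
    infected = ("<html><body><?php get_footer(); ?>\n"
                '<script src="http://cechirecom.com/js.php"></script>\n</body></html>')
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text(clean)
        Path(root, "wp-content").mkdir()
        Path(root, "wp-content", "footer.php").write_text(infected)
        return scan_tree(root, allowed_hosts={"example-blog.test"})

if __name__ == "__main__":
    for name, src in demo().items():
        print(f"{name}: {src}")
```

Scanning the files rather than loading the site in a browser matters here because, as the post notes, the redirect only fires for visitors arriving from Google, so a direct visit looks normal.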