
GoDaddy WordPress Blogs Infected With Malware [Alert]
- Updated On 17/04/2017
- Author : Pradeep Kumar
- Topic : Web Hosting
- Short URL : https://hellboundbloggers.com/?p=11205
CONNECT WITH HBB ON SOCIAL MEDIA
Majority of WordPress blogs hosted on GoDaddy were infected with some kind of malware for the past few days. Just now confirmed this news with some sources.
GoDaddy released this statement on 09-18-2010 at 2:43pm CST,
An exploit affected PHP files on approximately 150 Go Daddy accounts Friday afternoon. Go Daddy’s Security Team worked quickly to clean and restore these websites, however, we have detected additional customer sites that may currently be experiencing difficulties due to this same attack.
Go Daddy’s Security Team has identified the cause. Our forensics have determined malicious files are being uploaded via FTP to customer websites. Go Daddy is asking all customers who believe they have a problem to change their FTP passwords.
Meantime, our team is working swiftly to restore all affected websites and appreciates customer feedback. Go Daddy will continue to monitor as long as it takes to ensure our customer accounts are clean.
If you suspect your site was impacted, please fill out our security submission form, located here – https://www.godaddy.com/community/contactus.aspx?ci=15534§ion=support.
Thank you,
Todd Redfoot
Go Daddy Chief Information Security Officer
Common Symptoms Of This Malware
- If you visit the infected website/blog, it redirects you to websites like , http://www4.megaav-soft74.co.cc, etc.
- The .php files located on the server have the same “last modified” date and approximately the same time.
- You can find a long code like “< ?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc..." at the top of .php files. These are the codes used to insert a malicious javascript on many sites hosted at GoDaddy.
- If you check the source code of that infected website, you can find these JavaScript codes.
<script src="http://myblindstudioinfoonline.com/ll.php"> </script>
Or
<script src="http://theblindstudioinfoonline.com/ll.php"> </script>
If Your Blog Is Infected By This Malware
You really need to calm down (like I did :D) and just follow the below mentioned basic steps.
- Just stay calm and run a virus scan on your computer to make sure it is not infected.
- Use a maintenance plugin and make your site inaccessible so that your visitors won’t be infected with this malware.
- Change the password for FTP and WordPress.
- Try this simple solution to remove all the malware.
http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-the-latest-wordpress-hack.html
- Remove the “eval(base64_decode(“aWYoZnVuY3Rpb….” codes from your theme files.
P.S. It is recommended to use the latest version of browsers.
Google’s Safe Browsing Report
According to Google’s Safe Browsing report,
If you are facing serious issues, then contact GoDaddy or Security service like Sucuri.
Want to discuss your queries and interact with experts? You can connect with HellBound Bloggers (HBB) Facebook group for free!
Join HellBound Bloggers (HBB) and get Instant Updates. We'll also notify you with Great Deals, Discounts and other Interesting Tips. We won't SPAM or SHARE your Email Address with anyone.
YOU CAN ALSO SEARCH FOR YOUR DESIRED TOPICS:
Thank you for reading! We welcome and appreciate your comments, but at the same time, make sure you are adding something valuable to this article. If you have any serious queries, suggestions or anything related to this article, feel free to share them, we really appreciate that.
But, if your blog comments are a random "Thank you", "Useful Post", or anything that doesn't actually upscale the article, then we'll be removing them and it won't be appeared below. Thanks for understanding and thanks for connecting with us. If you want to give us any feedback or report any errors, you can kindly contact us and we'll revert back soon.
- Comments
- Facebook Comments
-
Comments
Leave a Reply
27 Comments
Facebook Comments
Leslie Holbrook
It’s baaaa-aaack….many, many infected GoDaddy sites; see http://ctwatchdog.com/2011/02/24/godaddy-hosting-you-might-want-to-think-twice-before-trusting-your-site-to-godaddy
It’s Kneber / Waledac. Waledac steals FTP passwords; Kneber is a ZeuS variant. Each can reinstall the other if one gets nuked.
Shaq @ Blapts Web Hosting
This is why i don't use WordPress hosting. Instead i use normal PHP hosting π there seems to be less venerabilities in my opionion
Usman
means you are on godaddy, and your site seems slow many times.
David
My web site have the same sympthons; google shows that warning. I talked to my web designer, who told me Go Daddy is infected. I called Go Daddy, they do not want to take responsability. I decided to cancel my account with Go Daddy …. I work with my web site, I am loosing money everyday because of Go Daddy. Darm!
S.Pradeep Kumar
Sad to know that mate, happy that you decided to switch, cheers. π
David
Thnaks! I have already did that. I am not with Go Daddy anymore. Everything is going well now. I am happy for that.
www.ThePankajGupta.com
This is not a good news. Members should keep updating their passwords on regular time. It will prevent such problems.
Blogging Tips
I’m safe! Hurray!
wordgeist
I wonder how many times this had happend to godaddy
esoftload
thank god my blog is safe….
Luis
this sucks I not to many people were affected by this
Joseph McDevitt
Just glad I use Hostgator right about now!!!
Mailee
A lot of my favorite blogs were infected with this malware. Oddly enough, only Google Chrome could detect it and my other browsers just opened those websites normally. I thought that my Chrome was acting up again but it’s nice to know that it was actually doing it’s job.
Benin
Just finished writing about a similiar incident. Mine appeared to have come from the “AddThis” plugin though, because after I deleted that plugin the alert went away. But I’m on a GoDaddy hosted account. So you never know…
GoDaddy + Blogs + Malware Scare = Just for Laughs
[…] way I’ve gotten rid of addthis and haven’t seen that message since. Β On a related note Hellbound Bloggers wrote a post on 9/18/10 talking about how some of GoDaddy’s customers had their WordPress […]
Mani Viswanathan
Glad it was removed soon. btw why u still using GoDaddy ?
S.Pradeep Kumar
Am waiting for the right time to switch mate.. some problem here, I need to fix something so that I won’t mess in the end. π
Benin
When you switch does it mess with your site’s crawlability on Google at all? I’ve considered this too. I’ve heard that Bluehost is really good.
Health Votes
why don’t you take the vps hosting at hostgator, at level3 with cpanel, they will import your blog for you, that way it becomes a lot safe.
but then, you can buy a hosting account and setup your blog and when everything looks good, you change the domain’s nameservers, else keep it where it is…. i did that sometime back, i was not sure that i could shift a site and i failed, but the original files where at the old host, so i just switched back the nameservers and everything was just fine again…
Mani Viswanathan
I agree with the abv commentator. You can use their Transfers page (https://secure.hostgator.com/transfer.php) to transfer from GoDaddy to Hostgator without any hassle π
Health Votes
that – “eval(base64_decode” stuff created some major problem for me in the past, the junk code was on every file of my wordpress installation… i finally took a database backup and installed the blog fresh. That time godaddy was not enough helpful, they said they can not do much and it is a 3rd party script problem…
but looks like godaddy is actively working this out, lets hope they make it hack free…
Tek3D
I hope Justhost and HostGator wouldn’t be affected by these malwares. My site was also injected this code once and it took a few days for Google to crawl my site again.
Arif Nezami
Now I’m feeling good.. Remember I reported you of that problem of HBB on saturday/sunday ??
S.Pradeep Kumar
Yup, I was scattered after seeing this warning.! π
SiRu
Hi,
I do not think very few web sites (150) are affected. Because I have seen same issue on HHB and some other websites. First I though its an issue with my browser, later google started to show warning on my browser (especially Google chrome).
I am just wondering whether my commputer is infected because I ignored these messages and checked the web sites π
CHeers
SiRu
Blogging Tips
Whoa! dude this is a serious matter, which should be taken care of by Godaddy as soon as possible.
Crunchynow
Not a great info….much concern about it….