Warning! Massive Number of Godaddy WordPress Blogs Hacked This Weekend

Sid, it would be helpful if a date and time stamp was attached to this post. When you say "this weekend" there is not time reference. How recent is this post.

I just started a WordPress site with GoDaddy last week. I first noticed soemthign odd 2 days ago when the footer of my site all of a sudden had a "teen porn" link. I deleted the footer and recreateda new one but the link reappeared. I thne downloaded and installed a new template and that issue was resolved. PROBLEM TODAY is that the site CAN NOT be accessed at all and many other Wordpress users are posting the same problem. My site is www.diningbydenis.com. The error page that comes us is not GoDaddy's usual "call us" page.

I just started a WordPress site with GoDaddy last week. I first noticed soemthign odd 2 days ago when the footer of my site all of a sudden had a "teen porn" link. I deleted the footer and recreateda new one but the link reappeared. I thne downloaded and installed a new template and that issue was resolved. PROBLEM TODAY is that the site CAN NOT be accessed at all and many other Wordpress users are posting the same problem. My site is www.diningbydenis.com. The error page that comes us is not GoDaddy's usual "call us" page.

LOL. Nice try. I had JUST set up WordPress at Godaddy's WordPress hosting and got hacked.

LOL. Nice try. I had JUST set up WordPress at Godaddy's WordPress hosting and got hacked.

there's no date on this article. when did this happen?

there's no date on this article. when did this happen?

looks like you've got the virus again too - I'm on my third run!

looks like you've got the virus again too - I'm on my third run!

Everyone, you should check out our free and simple plugin to lockdown Wordpress.. takes just a few mins, and boom you're done!

www.sitesecuritymonitor.com or direct: http://wordpress.org/extend/plugins/wp-secure-b...

Everyone, you should check out our free and simple plugin to lockdown Wordpress.. takes just a few mins, and boom you're done!

www.sitesecuritymonitor.com or direct: http://wordpress.org/extend/plugins/wp-secure-by-s...

#1 - I was notified of the malware problem first by loyal readers, not by GoDaddy - I have a big issue with that. Courtesy email?

#2 - I WAS running Wordpress 2.9.2 with updated plugins and unique passwords, yet I now have 19 infected websites.

#3 - I HAVE followed the GoDaddy procedures at that URL and the infection persists. Looking through scores of include directories for funny file names (*.jpg.php)? Are you serious?

Honestly - after so many years with GoDaddy I expected better support during a crisis...its obvious that no one has my back.

#1 - I was notified of the malware problem first by loyal readers, not by GoDaddy - I have a big issue with that. Courtesy email?

#2 - I WAS running Wordpress 2.9.2 with updated plugins and unique passwords, yet I now have 19 infected websites.

#3 - I HAVE followed the GoDaddy procedures at that URL and the infection persists. Looking through scores of include directories for funny file names (*.jpg.php)? Are you serious?

Honestly - after so many years with GoDaddy I expected better support during a crisis...its obvious that no one has my back.

I've been preaching for years about WordPress Security and it always seems to take a backseat, I suppose because learning how to secure WordPress isn't fun and doesn't seem necessary until you actually need it.

These attacks are quite sneaky and have a way around many security upgrades and what we need in place is a way to monitor the changes when they come.

I hope you don't mind the link dropping, but you might want to check out WordPress Defender: 30 Ways to Secure Your Blog From Attack Anyone Can Do... it's well worth the small investment and is loaded with a ton of WordPress and blog security info.

A nice well-rounded WordPress security system will include:

- monitoring for intrusions and changes
- firewalls to block against sql injection
- being ready for the day your blog does get hacked

Though it's not nearly enough, here's a great place to start:

Install these plugins:
- Login Lockdown
- WordPress Firewall
- Block Bad Queries
- WordPress File Monitor

I've been preaching for years about WordPress Security and it always seems to take a backseat, I suppose because learning how to secure WordPress isn't fun and doesn't seem necessary until you actually need it.

These attacks are quite sneaky and have a way around many security upgrades and what we need in place is a way to monitor the changes when they come.

I hope you don't mind the link dropping, but you might want to check out WordPress Defender: 30 Ways to Secure Your Blog From Attack Anyone Can Do... it's well worth the small investment and is loaded with a ton of WordPress and blog security info.

A nice well-rounded WordPress security system will include:

- monitoring for intrusions and changes
- firewalls to block against sql injection
- being ready for the day your blog does get hacked

Though it's not nearly enough, here's a great place to start:

Install these plugins:
- Login Lockdown
- WordPress Firewall
- Block Bad Queries
- WordPress File Monitor

Upgrading alone doesn't fix it. We have complete instructions for correcting the issue at http://fwd4.me/MFJ

Alicia

Sorry, godaddy. But you're wrong. I was fully updated to the latest version of Wordpress and still got hacked. Twice. And every support person I talked to gave me the same line about how it wasn't godaddy's fault, but mine.

That's why I'm moving my blogs elsewhere. If people can't get support from their host, they're totally on their own.

Upgrading alone doesn't fix it. We have complete instructions for correcting the issue at http://fwd4.me/MFJ

Alicia

Sorry, godaddy. But you're wrong. I was fully updated to the latest version of Wordpress and still got hacked. Twice. And every support person I talked to gave me the same line about how it wasn't godaddy's fault, but mine.

That's why I'm moving my blogs elsewhere. If people can't get support from their host, they're totally on their own.

I'm a social media utilizer - and my sites were hacked as well - second time in a week - we're trying to get some motion behind godaddy and make them hire some people or do something to make their service more secure. As such I'm starting a Twitter grassroots campaign. I'm no way affiliated w/ the link - but we all need to tweet this message and retweet it as often as possible today - we're trying to get #ihategodaddy as a trending topic.

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

I'm a social media utilizer - and my sites were hacked as well - second time in a week - we're trying to get some motion behind godaddy and make them hire some people or do something to make their service more secure. As such I'm starting a Twitter grassroots campaign. I'm no way affiliated w/ the link - but we all need to tweet this message and retweet it as often as possible today - we're trying to get #ihategodaddy as a trending topic.

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

Just got directed here, from google, and guess what? Unfortunetly, your site appears to be hacked as it tried to redirect me!!! GoDaddy, get your act together!!!

I'm a social media utilizer - and my sites were hacked as well - second time in a week - we're trying to get some motion behind godaddy and make them hire some people or do something to make their service more secure. As such I'm starting a Twitter grassroots campaign. I'm no way affiliated w/ the link - but we all need to tweet this message and retweet it as often as possible today - we're trying to get #ihategodaddy as a trending topic.

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

I'm a social media utilizer - and my sites were hacked as well - second time in a week - we're trying to get some motion behind godaddy and make them hire some people or do something to make their service more secure. As such I'm starting a Twitter grassroots campaign. I'm no way affiliated w/ the link - but we all need to tweet this message and retweet it as often as possible today - we're trying to get #ihategodaddy as a trending topic.

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

Just got directed here, from google, and guess what? Unfortunetly, your site appears to be hacked as it tried to redirect me!!! GoDaddy, get your act together!!!

A few of our customers were affected. Here's what our CISO had to say about it:

"WordPress is a-ok. Go Daddy is rock solid. Neither were 'hacked,' as some have speculated.

After an extensive investigation, we can report there was a small group of customers negatively impacted. What happened? Those users had outdated versions of the popular blogging software, set up in a particular way.

This underscores the importance of installing the latest Web applications, no matter where you are on the Internet. If you use Hosting Connection, automatically update WordPress to version 2.9.2 using the simple 3-step update offered when you log-in.

And, while we're on the topic of Web security and Best Practices - be sure all your online passwords are unique, secure, and in a safe place."

If you have questions or you'd like someone to take a look at your WordPress site, please get in touch with our 24/7 support team at http://fwd4.me/MBI

Alicia

A few of our customers were affected. Here's what our CISO had to say about it:

"WordPress is a-ok. Go Daddy is rock solid. Neither were 'hacked,' as some have speculated.

After an extensive investigation, we can report there was a small group of customers negatively impacted. What happened? Those users had outdated versions of the popular blogging software, set up in a particular way.

This underscores the importance of installing the latest Web applications, no matter where you are on the Internet. If you use Hosting Connection, automatically update WordPress to version 2.9.2 using the simple 3-step update offered when you log-in.

And, while we're on the topic of Web security and Best Practices - be sure all your online passwords are unique, secure, and in a safe place."

If you have questions or you'd like someone to take a look at your WordPress site, please get in touch with our 24/7 support team at http://fwd4.me/MBI

Alicia

It affected media temple and network solutions too.

read it here..
http://wordpress.org/development/2010/04/file-p...

It affected media temple and network solutions too.

read it here..
http://wordpress.org/development/2010/04/file-perm...

Thank you for the heads up

Thank you for the heads up

On Friday, all my permissions were set correctly, as recommended by the WordPress codex. I still got hacked. It's not as easy as saying "everybody had their permissions set wrong"; there's a lot more to it than that, and I hope GoDaddy tell us what the problem was once they figure it out instead of just saying "we've fixed it".

On Friday, all my permissions were set correctly, as recommended by the WordPress codex. I still got hacked. It's not as easy as saying "everybody had their permissions set wrong"; there's a lot more to it than that, and I hope GoDaddy tell us what the problem was once they figure it out instead of just saying "we've fixed it".

Thanks for the heads-up guys!

Thanks for the heads-up guys!

Take a look at this http://bit.ly/9Uj7uh there you will find some explanations

interesting, why only godaddy?

Have you informed GoDaddy of this?

It's doubtful that the PHP version would do anything, PHP 5 wouldn't be doing much additionally to protect against the vulns; it's more an issue of server setup and also how poorly Worm^Hdpress is coded.

If you can setup a Linux server via SSH (read, no Cpanel), install an HTTPD daemon and MySQL and install Wordpress yourself, there's always a $10/mo VPS from http://swvps.com/linux-vps.html

We had the same problems in our site. They use a flaw on the file upload of wordpress which allows them to upload new files working as a trojan horse. If you need more info contact me at rei@yahoo.com.

Spend a bit more on a provider like utropicmedia.net that doesn't oversell their servers and or have many of these problems.

I got hacked Wednesday afternoon (April 21st), then spent 6-7 hours cleaning stuff up and getting the blog back up. My site was redirecting everyone, whether they arrived via a search engine or directly. I installed a bunch of security plugins, but no firewall as I couldn't get it to install properly.

Then on Friday night I was hacked again; found out when I woke up Saturday morning. I've spent the whole weekend reading hacking techniques to try finding traces in my files and database. I found nothing suspicious in my database, and in my WP files all that happened was that every single PHP file was infected with a base64_decode entry at the top. This is why not only the blog itself is affected, but also the admin panel.

I now have a WP firewall properly configured, so I hope between that and GoDaddy getting their act together, I won't be hacked again. My website isn't my job--it's meant to be fun, and dealing with F#&*ing hackers is NOT fun.

cssgareth, it's more like $12/month for hosting with the lowest bandwidth allowance, which is what I use. Should that not entitle me to some protection from hackers? Where would you suggest I host it? I'm all for viable alternatives.

Thanks for sharing this info! I took a look at the source of my files after logging into the admin area, I can't seem to find the script anywhere or any issues of any kind. I'm guessing it missed me, not sure why or how. I'm using WordPress 2.9.2. I have MySQL 5.x and PHP 5 on as well. Do we know if this is something that just hit PHP 4 users?

I wanted to send you a quick update. Godaddy's Security Department just called me and they're working to track the source of this malware. They have located a small php file (3k) that sends a shell command to inject malicious code and quickly leaves. We are asking for the public's help. If you're hosting on Godaddy and have been infected with this virus, please visit our website and submit your domain name and date/time you were attacked - http://www.wpsecuritylock.com/cechriecom-com-sc...

There was a very similar exploit that made the godaddy wordpress round that redirected to ninoplas.com
First google link for wordpress ninoplas has good information and a strategy for cleaning up.

Take a look at this http://bit.ly/9Uj7uh there you will find some explanations

interesting, why only godaddy?