Comments on: Warning! Massive Number of Godaddy WordPress Blogs Hacked This Weekend

By: Travel blog security - No Place To Be | No Place To Be

Travel blog security - No Place To Be | No Place To Be — Tue, 23 Nov 2010 07:46:26 +0000

[...] has attacked a large amount of WordPress blogs over the last few weeks. For more information click here. Apologies to anyone who might have tried to access the site and got redirected but it did give us [...]

By: RJH

RJH — Thu, 07 Oct 2010 03:09:06 +0000

Sid, it would be helpful if a date and time stamp was attached to this post. When you say “this weekend” there is not time reference. How recent is this post.

By: RJH

RJH — Thu, 07 Oct 2010 03:09:06 +0000

Sid, it would be helpful if a date and time stamp was attached to this post. When you say “this weekend” there is not time reference. How recent is this post.

By: Chef Denis

Chef Denis — Wed, 23 Jun 2010 03:33:44 +0000

I just started a WordPress site with GoDaddy last week. I first noticed soemthign odd 2 days ago when the footer of my site all of a sudden had a "teen porn" link. I deleted the footer and recreateda new one but the link reappeared. I thne downloaded and installed a new template and that issue was resolved. PROBLEM TODAY is that the site CAN NOT be accessed at all and many other Wordpress users are posting the same problem. My site is www.diningbydenis.com. The error page that comes us is not GoDaddy's usual "call us" page.

By: Chef Denis

Chef Denis — Tue, 22 Jun 2010 20:33:44 +0000

By: WordPress Hack and Security Settings – flyingpenguin

WordPress Hack and Security Settings – flyingpenguin — Fri, 11 Jun 2010 05:50:37 +0000

[...] Many hosted WordPress sites were hacked in April and May. GoDaddy in particular had a large number of sites affected. [...]

By: Godaddy Is Silly

Godaddy Is Silly — Thu, 27 May 2010 08:21:08 +0000

LOL. Nice try. I had JUST set up WordPress at Godaddy's WordPress hosting and got hacked.

By: Godaddy Is Silly

Godaddy Is Silly — Thu, 27 May 2010 01:21:08 +0000

LOL. Nice try. I had JUST set up WordPress at Godaddy's WordPress hosting and got hacked.

By: Larry Clark

Larry Clark — Tue, 18 May 2010 00:51:43 +0000

there's no date on this article. when did this happen?

By: Larry Clark

Larry Clark — Mon, 17 May 2010 17:51:43 +0000

there's no date on this article. when did this happen?

By: sheila

sheila — Wed, 12 May 2010 14:26:18 +0000

looks like you've got the virus again too – I'm on my third run!

By: sheila

sheila — Wed, 12 May 2010 07:26:18 +0000

looks like you've got the virus again too – I'm on my third run!

By: GoDaddy, Wordpress, Hacking & Backups, Oh My!

GoDaddy, Wordpress, Hacking & Backups, Oh My! — Tue, 11 May 2010 09:13:19 +0000

[...] Warning! Massive Number of Godaddy WordPress Blogs Hacked This Weekend [...]

By: jason

jason — Sat, 08 May 2010 00:26:22 +0000

Everyone, you should check out our free and simple plugin to lockdown Wordpress.. takes just a few mins, and boom you're done!

www.sitesecuritymonitor.com or direct: http://wordpress.org/extend/plugins/wp-secure-b...

By: jason

jason — Fri, 07 May 2010 17:26:22 +0000

By: Greg

Greg — Wed, 05 May 2010 14:34:52 +0000

#1 – I was notified of the malware problem first by loyal readers, not by GoDaddy – I have a big issue with that. Courtesy email?

#2 – I WAS running WordPress 2.9.2 with updated plugins and unique passwords, yet I now have 19 infected websites.

#3 – I HAVE followed the GoDaddy procedures at that URL and the infection persists. Looking through scores of include directories for funny file names (*.jpg.php)? Are you serious?

Honestly – after so many years with GoDaddy I expected better support during a crisis…its obvious that no one has my back.

By: Greg

Greg — Wed, 05 May 2010 07:34:52 +0000

#1 – I was notified of the malware problem first by loyal readers, not by GoDaddy – I have a big issue with that. Courtesy email?

#2 – I WAS running WordPress 2.9.2 with updated plugins and unique passwords, yet I now have 19 infected websites.

#3 – I HAVE followed the GoDaddy procedures at that URL and the infection persists. Looking through scores of include directories for funny file names (*.jpg.php)? Are you serious?

Honestly – after so many years with GoDaddy I expected better support during a crisis…its obvious that no one has my back.

By: John Hoff - WP Blog Host

John Hoff - WP Blog Host — Wed, 05 May 2010 05:23:20 +0000

I've been preaching for years about WordPress Security and it always seems to take a backseat, I suppose because learning how to secure WordPress isn't fun and doesn't seem necessary until you actually need it.

These attacks are quite sneaky and have a way around many security upgrades and what we need in place is a way to monitor the changes when they come.

I hope you don't mind the link dropping, but you might want to check out WordPress Defender: 30 Ways to Secure Your Blog From Attack Anyone Can Do... it's well worth the small investment and is loaded with a ton of WordPress and blog security info.

A nice well-rounded WordPress security system will include:

- monitoring for intrusions and changes
- firewalls to block against sql injection
- being ready for the day your blog does get hacked

Though it's not nearly enough, here's a great place to start:

Install these plugins:
- Login Lockdown
- WordPress Firewall
- Block Bad Queries
- WordPress File Monitor

By: John Hoff

John Hoff — Tue, 04 May 2010 22:23:20 +0000

By: Go Daddy

Go Daddy — Tue, 04 May 2010 00:28:26 +0000

Upgrading alone doesn't fix it. We have complete instructions for correcting the issue at http://fwd4.me/MFJ

Alicia

By: Dean

Dean — Mon, 03 May 2010 23:47:36 +0000

Sorry, godaddy. But you're wrong. I was fully updated to the latest version of WordPress and still got hacked. Twice. And every support person I talked to gave me the same line about how it wasn't godaddy's fault, but mine.

That's why I'm moving my blogs elsewhere. If people can't get support from their host, they're totally on their own.

By: Go Daddy

Go Daddy — Mon, 03 May 2010 17:28:26 +0000

Upgrading alone doesn't fix it. We have complete instructions for correcting the issue at http://fwd4.me/MFJ

Alicia

By: Dean

Dean — Mon, 03 May 2010 16:47:36 +0000

That's why I'm moving my blogs elsewhere. If people can't get support from their host, they're totally on their own.

By: Backing up, restoring and reinstalling GoDaddy WordPress blogs

Backing up, restoring and reinstalling GoDaddy WordPress blogs — Mon, 03 May 2010 08:54:50 +0000

[...] many of you, my GoDaddy WordPress blogs were compromised (again) this weekend. I have three servers with GoDaddy and the same one was hit each time. This [...]

By: patrickcurl

patrickcurl — Sun, 02 May 2010 02:46:06 +0000

I'm a social media utilizer – and my sites were hacked as well – second time in a week – we're trying to get some motion behind godaddy and make them hire some people or do something to make their service more secure. As such I'm starting a Twitter grassroots campaign. I'm no way affiliated w/ the link – but we all need to tweet this message and retweet it as often as possible today – we're trying to get #ihategodaddy as a trending topic.

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

By: patrickcurl

patrickcurl — Sun, 02 May 2010 02:37:18 +0000

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

By: jsi

jsi — Sat, 01 May 2010 20:45:59 +0000

Just got directed here, from google, and guess what? Unfortunetly, your site appears to be hacked as it tried to redirect me!!! GoDaddy, get your act together!!!

By: Patrick Curl

Patrick Curl — Sat, 01 May 2010 19:46:06 +0000

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

By: Patrick Curl

Patrick Curl — Sat, 01 May 2010 19:37:18 +0000

The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

By: jsi

jsi — Sat, 01 May 2010 13:45:59 +0000

Just got directed here, from google, and guess what? Unfortunetly, your site appears to be hacked as it tried to redirect me!!! GoDaddy, get your act together!!!

By: godaddy

godaddy — Sat, 01 May 2010 06:22:18 +0000

A few of our customers were affected. Here's what our CISO had to say about it:

"WordPress is a-ok. Go Daddy is rock solid. Neither were 'hacked,' as some have speculated.

After an extensive investigation, we can report there was a small group of customers negatively impacted. What happened? Those users had outdated versions of the popular blogging software, set up in a particular way.

This underscores the importance of installing the latest Web applications, no matter where you are on the Internet. If you use Hosting Connection, automatically update WordPress to version 2.9.2 using the simple 3-step update offered when you log-in.

And, while we're on the topic of Web security and Best Practices - be sure all your online passwords are unique, secure, and in a safe place."

If you have questions or you'd like someone to take a look at your WordPress site, please get in touch with our 24/7 support team at http://fwd4.me/MBI

Alicia

By: Go Daddy

Go Daddy — Fri, 30 Apr 2010 23:22:18 +0000

By: netguy

netguy — Wed, 28 Apr 2010 20:08:23 +0000

It affected media temple and network solutions too.

By: ..

.. — Wed, 28 Apr 2010 19:20:51 +0000

read it here..
http://wordpress.org/development/2010/04/file-p...

By: netguy

netguy — Wed, 28 Apr 2010 13:08:23 +0000

It affected media temple and network solutions too.

By: ..

.. — Wed, 28 Apr 2010 12:20:51 +0000

read it here..
http://wordpress.org/development/2010/04/file-permissions/

By: Read this if your WP blogs are hosted on GoDaddy | exclusiverumors.netfirms.com

Wed, 28 Apr 2010 08:13:09 +0000

[...] http://blogcastfm.com/announcements/…-this-weekend/ [...]

By: mynext

mynext — Wed, 28 Apr 2010 07:09:30 +0000

Thank you for the heads up

By: My Next

My Next — Wed, 28 Apr 2010 00:09:30 +0000

Thank you for the heads up

By: Miserere

Miserere — Tue, 27 Apr 2010 22:13:06 +0000

On Friday, all my permissions were set correctly, as recommended by the WordPress codex. I still got hacked. It's not as easy as saying “everybody had their permissions set wrong”; there's a lot more to it than that, and I hope GoDaddy tell us what the problem was once they figure it out instead of just saying “we've fixed it”.

By: Miserere

Miserere — Tue, 27 Apr 2010 15:13:06 +0000

By: Alex Blackwell

Alex Blackwell — Tue, 27 Apr 2010 14:50:03 +0000

Thanks for the heads-up guys!

By: Alex Blackwell

Alex Blackwell — Tue, 27 Apr 2010 07:50:03 +0000

Thanks for the heads-up guys!

By: Privacy Source » Massive Number of Godaddy Wordpress Blogs Hacked

Privacy Source » Massive Number of Godaddy Wordpress Blogs Hacked — Tue, 27 Apr 2010 06:13:43 +0000

[...] nasty little exploit has hit a large number of Godaddy Hosted WordPress Blogs this weekend. The best part is that the exploit only executes when the traffic is referred by Google, making it [...]

By: Papas

Papas — Tue, 27 Apr 2010 05:19:30 +0000

Take a look at this http://bit.ly/9Uj7uh there you will find some explanations

By: locspoc

locspoc — Tue, 27 Apr 2010 04:33:28 +0000

interesting, why only godaddy?

By: Miserere

Miserere — Tue, 27 Apr 2010 00:58:54 +0000

Have you informed GoDaddy of this?

By: Massive Number of Godaddy Blogs Hacked @ How To Pose For Photography

Massive Number of Godaddy Blogs Hacked @ How To Pose For Photography — Tue, 27 Apr 2010 00:54:09 +0000

[...] Please Read the full article on BlogcastFm.com [...]

By: gideon1222

gideon1222 — Tue, 27 Apr 2010 00:39:25 +0000

It's doubtful that the PHP version would do anything, PHP 5 wouldn't be doing much additionally to protect against the vulns; it's more an issue of server setup and also how poorly Worm^Hdpress is coded.

By: gideon1222

gideon1222 — Tue, 27 Apr 2010 00:34:23 +0000

If you can setup a Linux server via SSH (read, no Cpanel), install an HTTPD daemon and MySQL and install Wordpress yourself, there's always a $10/mo VPS from http://swvps.com/linux-vps.html