jump to last post 1-7 of 7 discussions (19 posts)

WARNING Go-Daddy Wordpress self hosted blogs infected!!

  1. TerryGl profile image60
    TerryGlposted 6 years ago

    Well thanks to some low life I had my best performing blog attacked and rendered useless overnight. The offender has somehow got into Go-Daddy and infected self hosted wordpress blogs.

    I did the right thing and uninstalled the blog and then did a complete re-install and still infected.

    The way I removed the offending source code script "cechirecom/js.php" was to go through and deactivate all my plugins. I then edited the plugins and remove the top source code that looks like this.

    "php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9"

    That code is about twenty sentences long.

    It will be in your plugins code and theme code php files right at the top.

    If your infected you will see the code above the bottom body tag. Go to your blog, right click and view source code. Scroll to the bottom and hope like hell you do not see the script.

    There is more information at http://www.wpsecuritylock.com/cechrieco … ase-study/

  2. rebekahELLE profile image92
    rebekahELLEposted 6 years ago

    hmm, not sure if I did the right thing. I just renewed my domain name and set up hosting with godaddy. and installed the wordpress
    2.9.2 publishing platform. I don't think that's what I intended to do!! I wanted the traditional Wordpress download for my site.
    now what???   does anyone use this?

    1. sunforged profile image64
      sunforgedposted 6 years ago in reply to this

      Thats correct - you one click installed rather than downloading direct from wp.org and ftping to your directory

      most people who self install - fail to set up strong security keys, the one click incorporates those steps

      1. rebekahELLE profile image92
        rebekahELLEposted 6 years ago in reply to this

        I don't remember before my URL being: _____/wordpress. it was just my name.com.   I guess I'm confused.

        1. sunforged profile image64
          sunforgedposted 6 years ago in reply to this

          Probably wasnt - you will have to uninstall - then reinstall- this time with the directory left blank. I think GD autosuggest a wordpress folder for you


          like this

          rebekkahellessite/


          not

          rebekkahellessite/wordpress

          1. rebekahELLE profile image92
            rebekahELLEposted 6 years ago in reply to this

            actually I think I need to go jump in the pool, it's making me crazy. now it keeps saying authentication failed and I'm entering the exact customer # and password.  I haven't used godaddy before. if there are problems there... geez.

            1. sunforged profile image64
              sunforgedposted 6 years ago in reply to this

              I wasnt to happy the first time I tried to get Wp install up through Gdaddy - eventually, I just called! , the tech support for little things like a wp install is not bad - they usually try and upsell you but that is easily shrugged off (the over the phone deals can be pretty good though)

              A pool huh! ...its like 50 here in nY - wacky weather -no May flowers or at least they are getting frostbitten now.

              1. rebekahELLE profile image92
                rebekahELLEposted 6 years ago in reply to this

                it's nerve wracking... I finally got in. I was capitalizing a letter... but when I uninstalled it, it still hasn't uninstalled, it's still showing installed. it's comforting to know you also had problems, now I don't feel so tech-challenged.

                so, yes, it's time for a swim. it's 81, sunny, I should have been out there this afternoon..
                I used to live outside of Albany, we only stayed 2 years.  I couldn't believe how long the winters were, oct -may, there was snow on the ground.  now I'm spoiled big time. I'm cold in 50 degree weather.

                1. sunforged profile image64
                  sunforgedposted 6 years ago in reply to this

                  well im worried because the snow didnt hit until dec/jan - does that mean cold weather til june/july! ?

                  Ill be a west coaster soon enough smile

                  but as for the techy part - it can take as long 12 hours for your "request to be processed" its usually done within an hour though.

                  Forget about it and go to the pool! should be sorted out by the time you return.

              2. rebekahELLE profile image92
                rebekahELLEposted 6 years ago in reply to this

                aarhhhhhhggg. I don't think I like godaddy! I uninstalled and reinstalled the wordpress 2.9.2. received the email with the link to what is supposed to be my site and it doesn't work!!!  I already paid for a year of hosting and I can't get to the WP site.
                very frustrating. sad



                edit, i finally got it figured out. thanks for helping SF.

  3. sunforged profile image64
    sunforgedposted 6 years ago

    I still have a couple of dozen live sites on my godaddy hosting - nothing seems to be off with them.

    What gives you the impression that "go-daddy" self hosted blogs were attacked and infiltrated - rather than YOUR self hosted blog on godaddy hosting was infiltrated?

    Was there a notification - I would be mad cuz I didnt get any email or notices!

    What plug-ins were you using? have you been updating your wp install to keep up with security fixes?

  4. chinweike profile image46
    chinweikeposted 6 years ago

    I don't use Godaddy for my selfhosted blogs. I use bluehost.
    Cheers!

    1. sunforged profile image64
      sunforgedposted 6 years ago in reply to this

      Good for you! Congrats! Awesome! Very good to know!

      @terry, I am reading your past post (http://hubpages.com/forum/topic/43093#post996571) about the malware infection across godaddy - fort knox huh! - sounds nasty

      Must admit, Im more concerned that the military/government is using shared hosting at a commercial host - I would have hoped they ran their own secure servers

  5. thisisoli profile image63
    thisisoliposted 6 years ago

    I read the link you posted and it seems tha tmost of the people infected had poor security measures up, however it also says your website can be rolled back to before the infection.

    I am in the process of leaving servage after the messed up again, however thanks to them one of my highest earning websites got knocked down and never recovered in Googles rankings.

    I am currently moving my hosting to hostgator, my domains to GoDaddy.

    1. sunforged profile image64
      sunforgedposted 6 years ago in reply to this

      i migrated most everything to HG and have been happy

      I keep some around at other hosts - diff c classes and all that jazz

  6. Misha profile image75
    Mishaposted 6 years ago

    I don;t host on Godaddy. Actually I moved out of Bluehost, too - since they implemented CPU throttling. Every single one of my sites appeared to be too heavy for them...

    1. earnestshub profile image86
      earnestshubposted 6 years ago in reply to this

      Bandwidth bandits are prolific too!
      My daughter is re-hosting her subscribers yet again because of the difference between stated cpu and bandwidth she paid for and what they could actually deliver.
      They all offer high figures, most of it based on people failing to use use what they have paid for to carry the load for the bigger users.
      It seems if you really need good hosting it costs a packet!
      smile

    2. Jane@CM profile image61
      Jane@CMposted 6 years ago in reply to this

      So where did you go?  I have everything with Bluehost.  For me it is fine as I'm so little lol

  7. Misha profile image75
    Mishaposted 6 years ago

    I went to several places including a couple of instances of Hostgator and Pronet. smile

 
working