WARNING Go-Daddy Wordpress self hosted blogs infected!!

Jump to Last Post 1-7 of 7 discussions (19 posts)
  1. TerryGl profile image60
    TerryGlposted 8 years ago

    Well thanks to some low life I had my best performing blog attacked and rendered useless overnight. The offender has somehow got into Go-Daddy and infected self hosted wordpress blogs.

    I did the right thing and uninstalled the blog and then did a complete re-install and still infected.

    The way I removed the offending source code script "cechirecom/js.php" was to go through and deactivate all my plugins. I then edited the plugins and remove the top source code that looks like this.

    "php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9"

    That code is about twenty sentences long.

    It will be in your plugins code and theme code php files right at the top.

    If your infected you will see the code above the bottom body tag. Go to your blog, right click and view source code. Scroll to the bottom and hope like hell you do not see the script.

    There is more information at http://www.wpsecuritylock.com/cechrieco … ase-study/

  2. rebekahELLE profile image88
    rebekahELLEposted 8 years ago

    hmm, not sure if I did the right thing. I just renewed my domain name and set up hosting with godaddy. and installed the wordpress
    2.9.2 publishing platform. I don't think that's what I intended to do!! I wanted the traditional Wordpress download for my site.
    now what???   does anyone use this?

    1. sunforged profile image70
      sunforgedposted 8 years agoin reply to this

      Thats correct - you one click installed rather than downloading direct from wp.org and ftping to your directory

      most people who self install - fail to set up strong security keys, the one click incorporates those steps

      1. rebekahELLE profile image88
        rebekahELLEposted 8 years agoin reply to this

        I don't remember before my URL being: _____/wordpress. it was just my name.com.   I guess I'm confused.

        1. sunforged profile image70
          sunforgedposted 8 years agoin reply to this

          Probably wasnt - you will have to uninstall - then reinstall- this time with the directory left blank. I think GD autosuggest a wordpress folder for you

          like this




          1. rebekahELLE profile image88
            rebekahELLEposted 8 years agoin reply to this

            actually I think I need to go jump in the pool, it's making me crazy. now it keeps saying authentication failed and I'm entering the exact customer # and password.  I haven't used godaddy before. if there are problems there... geez.

            1. sunforged profile image70
              sunforgedposted 8 years agoin reply to this

              I wasnt to happy the first time I tried to get Wp install up through Gdaddy - eventually, I just called! , the tech support for little things like a wp install is not bad - they usually try and upsell you but that is easily shrugged off (the over the phone deals can be pretty good though)

              A pool huh! ...its like 50 here in nY - wacky weather -no May flowers or at least they are getting frostbitten now.

              1. rebekahELLE profile image88
                rebekahELLEposted 8 years agoin reply to this

                it's nerve wracking... I finally got in. I was capitalizing a letter... but when I uninstalled it, it still hasn't uninstalled, it's still showing installed. it's comforting to know you also had problems, now I don't feel so tech-challenged.

                so, yes, it's time for a swim. it's 81, sunny, I should have been out there this afternoon..
                I used to live outside of Albany, we only stayed 2 years.  I couldn't believe how long the winters were, oct -may, there was snow on the ground.  now I'm spoiled big time. I'm cold in 50 degree weather.

                1. sunforged profile image70
                  sunforgedposted 8 years agoin reply to this

                  well im worried because the snow didnt hit until dec/jan - does that mean cold weather til june/july! ?

                  Ill be a west coaster soon enough smile

                  but as for the techy part - it can take as long 12 hours for your "request to be processed" its usually done within an hour though.

                  Forget about it and go to the pool! should be sorted out by the time you return.

              2. rebekahELLE profile image88
                rebekahELLEposted 8 years agoin reply to this

                aarhhhhhhggg. I don't think I like godaddy! I uninstalled and reinstalled the wordpress 2.9.2. received the email with the link to what is supposed to be my site and it doesn't work!!!  I already paid for a year of hosting and I can't get to the WP site.
                very frustrating. sad

                edit, i finally got it figured out. thanks for helping SF.

  3. sunforged profile image70
    sunforgedposted 8 years ago

    I still have a couple of dozen live sites on my godaddy hosting - nothing seems to be off with them.

    What gives you the impression that "go-daddy" self hosted blogs were attacked and infiltrated - rather than YOUR self hosted blog on godaddy hosting was infiltrated?

    Was there a notification - I would be mad cuz I didnt get any email or notices!

    What plug-ins were you using? have you been updating your wp install to keep up with security fixes?

  4. chinweike profile image63
    chinweikeposted 8 years ago

    I don't use Godaddy for my selfhosted blogs. I use bluehost.

    1. sunforged profile image70
      sunforgedposted 8 years agoin reply to this

      Good for you! Congrats! Awesome! Very good to know!

      @terry, I am reading your past post (http://hubpages.com/forum/topic/43093#post996571) about the malware infection across godaddy - fort knox huh! - sounds nasty

      Must admit, Im more concerned that the military/government is using shared hosting at a commercial host - I would have hoped they ran their own secure servers

  5. thisisoli profile image69
    thisisoliposted 8 years ago

    I read the link you posted and it seems tha tmost of the people infected had poor security measures up, however it also says your website can be rolled back to before the infection.

    I am in the process of leaving servage after the messed up again, however thanks to them one of my highest earning websites got knocked down and never recovered in Googles rankings.

    I am currently moving my hosting to hostgator, my domains to GoDaddy.

    1. sunforged profile image70
      sunforgedposted 8 years agoin reply to this

      i migrated most everything to HG and have been happy

      I keep some around at other hosts - diff c classes and all that jazz

  6. Misha profile image68
    Mishaposted 8 years ago

    I don;t host on Godaddy. Actually I moved out of Bluehost, too - since they implemented CPU throttling. Every single one of my sites appeared to be too heavy for them...

    1. earnestshub profile image88
      earnestshubposted 8 years agoin reply to this

      Bandwidth bandits are prolific too!
      My daughter is re-hosting her subscribers yet again because of the difference between stated cpu and bandwidth she paid for and what they could actually deliver.
      They all offer high figures, most of it based on people failing to use use what they have paid for to carry the load for the bigger users.
      It seems if you really need good hosting it costs a packet!

    2. Jane@CM profile image62
      Jane@CMposted 8 years agoin reply to this

      So where did you go?  I have everything with Bluehost.  For me it is fine as I'm so little lol

  7. Misha profile image68
    Mishaposted 8 years ago

    I went to several places including a couple of instances of Hostgator and Pronet. smile


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)