Self-hosted WordPress websites have been repeatedly hacked on a number of major hosting companies. These malicious hackers have crippled thousands of websites and left a trail of destruction across the Internet.
Infectious code has been injected on both WordPress blogs and numerous PHP-based applications leaving webmasters concerned for their website and visitors safety. Unfortunately, viruses have been infiltrated into numerous computers in the process.
The question… is your WordPress site safe?
WPSecurityLock has your back! We're here to educate you in ways to help secure your WordPress site and keep you informed of any known threats. We hear all your voices and concerns. Please continue to email us and leave comments. As a community, we can all help each other to have a safer blogging environment.
What does WPSecurityLock do when there's a hacker attack?
From the moment we're alerted there is an attack, we start a full-blown investigation searching for fingerprints left behind by evil hackers. If it's a server-side issue, we send information to the hosting company affected. If it's client-side, we inform webmasters on how to fix their WordPress sites. Then we provide WordPress security advice or do WordPress security for them.
What's GoDaddy doing to stop the evil hackers?
Go Daddy is one of those major hosting companies hit by these string of attacks. Go Daddy is aggressively investigating and reaching out to the community.
On April 21, 2010, we posted the Ninoplas Base64 WordPress Hacked on Godaddy | Case Study and GoDaddy reached out to WPSecurityLock. They had visited our blog and read your comments. They asked us to help by providing any information we found on the malware attack and we continue to do so.
On May 5, 2010, Scott Gerlach, the Manager of Information Security Operations of Go Daddy, reached out to our community and spoke at our WordPress Security Teleseminar. The audio replay is still available.
GoDaddy has also replied to comments, created support articles and made a special “Security Issue” form on their website. They've actively emailed and/or called their customers that may have been affected. (If you're site has been compromised and you have not heard from Go Daddy yet, please be sure to contact their Security Team.)
In addition, GoDaddy has been providing us with statements to keep our readers informed.
WordPress Exploit Update 5/13/2010
“Early into our investigation, Go Daddy noticed a majority of exploited websites were all running WordPress. After feedback from customers, more attacks and more in-depth analysis, we modified our statement to specify the attacks targeted numerous PHP-based applications, which included WordPress.
Transparency is a core value at Go Daddy. We intend to continue our commitment to communications. There are times, however, when publicly revealing too much, such as specific code from the attack, helps the criminals causing the issue.
We are aggressively collecting data to see how the attack is maturing and to discover ways we can help prevent our customers from being impacted and shut down ‘the bad guys' altogether. Go Daddy is leading an ongoing effort, working with industry security experts and other top hosting providers.
As part of our investigation, Go Daddy is encouraging customer input about their related website issues, which is why we set up a special form: http://www.GoDaddy.com/securityissue.
Look for further updates from Go Daddy on this topic, at http://Community.GoDaddy.com/support.
– Todd Redfoot
Go Daddy Chief Information Security Officer
Other related statements and posts on our website:
- Breaking News: WordPress Hacked with holasionweb on Go Daddy!
- Exploit on WordPress Returns – Go Daddy Responds!
- Breaking News: WordPress Hacked with Zettapetta on DreamHost
- CONTINUING STORY – Dangerous Malware Alert – Self-Hosted Sites Hack Update – Go Daddy Responds!
- Breaking News! WordPress Hacked on Network Solutions
- Breaking News! Dangerous Malware Alert – Self-Hosted Sites On Major Hosting Service Hacked Again!
- Cechirecom.com.js.php – WordPress Hacked | Case Study
- Ninoplas Base64 WordPress Hacked on Godaddy | Case Study
- WordPress Blogs Hacked Again (Corpadsinc[dot]com) – Network Solutions
We still have faith in GoDaddy and look forward to them stopping the evil hackers!
Please continue to keep us informed of any hacker attacks. I hope that you are feeling a little more peace of mind. Do you still have questions or concerns? Leave a comment below.
Securely yours,
Regina Smola
Follow me on Twitter
Follow WPSecurityLock on Twitter
Update: We encourage you to read Go Daddy's Compromised Website Update of May 15, 2010. It contains more details on their investigation and finding.
Regina,
It all would be fine except for one thing – according to this blogger who also performs security services for his clients – GD simply ignored him when he attempted to contact them with info on possible ENTRY of all the originating hacks:
http://smackdown.blogsblogsblogs.com/2010/05/13/hosting-with-godaddy-might-want-to-rethink-that-decision/
Since I don’t host with GD I can’t speak on their customer service but to me it seem to be odd to hear that they are “reaching out” while the consultant mentioned above was ignored.
Where is the truth? Do GD actually care or do the pretend to care?
Hi WPSecurityLock,
Today my site injected with the following URL:
http:// losotrana [dot] com [dot] js.php
What is this? Is it new attack or the old one?
Thanks,
Krishna
Krishna,
Thanks for your comment. This is a new attack. We have just made a new post here:
https://wpsecuritylock.com/breaking-news-wordpress-hacked-with-losotrana-on-godaddy-and-mediatemple/
We will continue to update the above post as information comes in. Thanks for letting us know.
New attack earlier this morning.
Replacing infected files from my backup right now.
Two sites infected today.
It looks like same sites are getting infected over and over again. I guess I’ll try moving these sites to another GoDaddy server and see what happens.