• Skip to primary navigation
  • Skip to main content
  • Skip to footer
WPSecurityLock – Malware removal & WordPress security services

WPSecurityLock – Malware removal & WordPress security services

WordPress security, malware removal, repair, backups, ongoing maintenance, installation, site migration & support services – WP Security Lock.

  • Facebook
  • LinkedIn
  • Twitter
  • Home
  • About
    • About Us
    • Speaker Information
    • Contact Us by Phone, Email or Live Chat
    • Testimonials
  • Security Services
    • Malware / Virus Removal
    • WordPress Security and Installation Services
    • Monthly Security Packages
    • SSL Conversion Service (HTTP to HTTPS)
  • Blog
  • Resources
  • Contact
  • SafeWP

Malware Attack: acrossuniverseitbenet Hacks WordPress Sites

December 22, 2010 By Regina Smola 55 Comments

On December 22, 2010, we received several reports that a new malware attack (acrossuniverseitbenet) has infected WordPress sites hosted at GoDaddy and possibly other hosting providers.

The malware script injected is as follows:

(I have put spaces in the url below for your protection so you can't click to open the url.)

<script src=”http:// acrossuniverseitbenet .com/js.php?kk=10″ > </script>

The worst part about this virus is it's much harder to clean. The malicious hackers have stepped it up a notch and decided to infect the WordPress database and not just server files. The above script is injected inside every single page and posts inside the database (wp_posts table).

This malicious script redirects website visitors to various sites hosting “Fake AV” websites and some are zero-day attacks. A zero-day attack means that anti-virus programs may not yet have their definitions updated and your computer can become infected even with up-to-date software.

Some of the Fake AV websites that the acrossuniverseitbenet redirects to are:

(I have put spaces in the urls so you can't click them for your protection.)

  • ww23.smartsuite-4u .in
  • ww3.top-s-can-foru .in
  • www1.top-only-master .in

Here's a screen shot of one of the viruses caught by my AVG program:

acrossuniverseitbenet malware wordpress hacked godaddy

Today, my computer was attacked three times and my AVG and MalwareBytes did not catch two of the viruses and I had to do a system restore to an earlier date.

I did not make a screen shot of the actual attacks, but it looked very similar to this:

As you can see by the above image, this can easily fool people into thinking they are looking at a folder on their Windows computer and not a web browser (look at the top where you can see the URL). It moves extremely fast and starts downloading tons of infectious files to your computer.

This Fake AV is very dangerous and can cripple your visitors computers. It is strongly advised that you put your website in maintenance mode immediately until it is fixed.

How to safely put your WordPress Blog in Maintenance Mode:

  1. Rename your root index.php file to something else (for example: index-hold.php).
  2. Upload a “Down for Maintenance” index.html page to your root directory.
  3. Rename your wp-config.php file to something else so no other pages connect to the infected database (for example: wp-config-hold.php).
  4. Clear your cache and cookies.
  5. Visit your website's home page to make sure you can see the “Down for Maintenance” page.

If you do not have a blank index page, please feel free to use mine. All you have to do is unzip it and upload it to your root directory where your wp-config.php file is.

Important: Make sure you rename it to index.html so that your server recognizes it for the home page.

Server Files Found:

There have been numerous “mystery” files found on infected websites that were uploaded on November 10, 2010. We believe these were trigger files that were set to “go off” today.

An example file name is sdfssdf_dfsdf.php

Be sure you look through your server files for these trigger files and remove them ASAP.

Contact Your Hosting Company

If you're hosted with GoDaddy, please fill out a support ticket with their security team here.

If you are hosting with another hosting provider, please contact them as well.

How many WordPress sites are infected with acrossuniverseitbenet?

At this time, the number of WordPress sites hacked or the number of hosting providers affected is unclear.

We have been working with GoDaddy directly to help resolve this issue and will keep you updated as we receive more information. Any updates will be put on this blog post, so be sure to check back often. If you need help, feel free to contact us.

We need your feedback!

If you're site been infected with this malware attack? If so, are you on GoDaddy or with another hosting provider? Have you found any other redirect scripts? Please let us know by leaving a comment below.

Securely yours,

Regina Smola
Follow me on Twitter
Follow WPSecurityLock on Twitter

UPDATE: 12/22/2010 at 5pm CST:

Currently, we are unable to connect to any site affected on GoDaddy's server infected with this malware via FTP/SFTP. Getting a critical error – 550 Login authentication failed. Could not connect to the server. We had to change the FTP password to get in again. Not sure if it was a malicious hacker that changed it or GoDaddy for protection.

UPDATE 12/22/2010 at 8:27PM CST:

Just found another trigger file on a infected website. File name fritz_rather.php. Uploaded 11/13/2010 at 6:41am server time. This file must be time activate to go off today when it started redirecting site this morning.

You should search your server files for any files that have suspicious names and also do a search for the following to identify any malicious code:

<‘.'?php /**/ $_8b7b=”x63x72x65x61x74x65x5fx66x75x6ex63x74x6

And

global     $totalinjected;

The malicious code could have all or some of the above. They should be deleted immediately.

UPDATE 12/22/2010 at 9:39pm CST:

Sucuri Malware ScanAs you know we are working hard to fix as many websites as possible. Our good friends over at Sucuri have agreed to take on our overflow sites and get your sites fixed as soon as possible (generally within 4 hours).

You can get your hacked WordPress blog fixed here:
*
https://wpsecuritylock.com/sucuri.

Open the above URL and scroll down the the “Have a single site with malware?” and click the “Sign Up” button. And be sure to check out their Sucuri Web Integrity Monitor services for your website. We use it and recommend it to all our customers.

Don't let your customers tell you your site's hacked, let Sucuri alert you instead.

*Denotes our affiliate link, see our Disclosure.

 

UPDATE 12/23/2010 2:50PM

GoDaddy has released a Security Update on their community blog regarding this malware attack. Read “Security Update: Malware Affecting Some Databases.”

Filed Under: Malware and Virus Alerts Tagged With: acrossuniverseitbenet malware, godaddy hacked, smartsuite-4u, top-only-master, top-s-can-foru, wordpress hacked, wordpress hacked on Go Daddy

Reader Interactions

Comments

  1. Miserere says

    December 22, 2010 at 4:47 pm

    If my site hasn’t been affected, would putting it in maintenance mode protect it? I’d say NO, but if the answer is YES, let me know.

    Thanks!

    Reply
    • Regina Smola says

      December 22, 2010 at 5:03 pm

      No, putting it in maintenance mode will not change anything. It can get infected either way. Looks like a mysql infection. We are waiting for more results from GoDaddy’s Security Team.

      Reply
  2. Andrea_R says

    December 22, 2010 at 4:51 pm

    More info here too:

    http://blog.sucuri.net/2010/12/attacks-against-godaddy-acrossuniverseitbenet-com-hilary-kneber-hardsoft.html#more-1401

    Reply
    • McLaughlin says

      December 22, 2010 at 9:43 pm

      that sucuri post is worthless

      Reply
      • Regina Smola says

        December 22, 2010 at 10:03 pm

        If you find that someone who will fix your site for only $69.99 worthless that’s a damn shame. Maybe you should just delete your site and call it a day.

        Trying to help everyone and that’s the response you can come up with?

        Reply
  3. Kimberly says

    December 22, 2010 at 4:56 pm

    How does one determine if their site is infected without infecting their computer? Thanks!

    Reply
    • Regina Smola says

      December 22, 2010 at 5:07 pm

      Kimberly,

      Thanks for your question. What you could do is log into your hosting file manager or FTP and see if most of your files all have the same date and time (maybe 11/10/2010). Also you could login to your database and browse > edit one of your posts/pages and see if there’s any malicious script inside at the bottom.

      Another alternative is to get Sucuri scan and be alerted if there’s malware found. I use it and recommend it to anyone who has a website. You can use my discounted affiliate link here: https://wpsecuritylock.com/sucuri. Once you’re a customer you can also do a scan on your site too 🙂

      Reply
  4. Regina Smola says

    December 22, 2010 at 11:03 pm

    David from Sucuri just sent me a message that there’s Tweets that GoDaddy has fixed websites – http://twitter.com/search?q=#Godaddy

    Reply
  5. Stu R says

    December 22, 2010 at 5:12 pm

    Can you elaborate as to how the injections were instantiated – such as via non-sftp connections?

    Reply
    • Regina Smola says

      December 22, 2010 at 5:33 pm

      At this time, I have not found out how they got in. I have ordered FTP logs and am waiting for Godaddy’s team to give me an update if it was via mysql, ftp, etc.

      Reply
  6. Chris Bryant says

    December 22, 2010 at 5:17 pm

    Is this a Go-Daddy issue, or a WordPress issue? I guess I’m asking, did the code get placed through a Go-Daddy vulnerability or one in WP?

    Reply
    • Regina Smola says

      December 22, 2010 at 5:32 pm

      Thanks for your question, Chris.

      Currently, GoDaddy’s Security Team is checking on how this occurred and I’m waiting to hear an answer. As soon as they let know, I’ll put an update on this post. I’m hoping there’s an easy fix and that however it happened it get’s secured ASAP.

      Reply
    • Danny says

      December 22, 2010 at 6:42 pm

      GoDaddy is awful when it comes to their level of vulnerability for this sort of attacks. Until very recently, I hosted about twenty sites with them on a shared hosting environment. What happens during one of these attacks is that if ANY of the clients on a shared hosting account has an infection on the server, it spreads to all of the sites (across member accounts).

      That means that if you clean up your infection it is bound to resurface within a matter of hours because the virus exists elsewhere within the shared environment.

      Worse, they never admit to any wrongdoing and instead try to blame their customers as a first line of defense.

      I’ve since moved all of my sites to Bluehost, which hasn’t been infected by this latest threat. However, a site I manage for some friends (which IS hosted on Go Daddy) was infected earlier today.

      GoDaddy really needs to learn how to (A) anticipate these threats; (B) deal with them in a prompt matter; and (C) stop blaming their customers for their own weak server protection.

      Reply
  7. Daniel Fenn says

    December 22, 2010 at 5:43 pm

    I’m currently calling anyone who use GoDaddy to move away as far as they can ASAP. From all the reports that I read, it looks that they are the only one who make headlines regarding wordpress. To me, GoDaddy is not doing enough to protect their servers.

    My webhost (paid) got their servers so locked down that I could not login into my phpbb forum as there was a mod_secturity rule that was blocking the url that phpbb use to login.

    Reply
  8. Robert Nelson says

    December 22, 2010 at 7:11 pm

    Hi Regina
    Thanks for the post. My sites are hosted with HostGator. Did some checks(am at WP version 3.0.3 &/or the latest stable version) moved wp-admin file permissions back to 644 from 755. No problems found otherwise. Sure would be nice if the “Crackers”(I’m old school) would find something else to occupy there time. It would also be nice if all Web Hosting companies took security .as seriously as they take there profits as there lack of same can seriously impact our profits.

    Reply
    • Regina Smola says

      December 22, 2010 at 7:15 pm

      Amen Robert!!!

      Glad your site is okay. Your wp-admin directory should be 755. Did you mean a different file?

      BTW, have a very Merry Christmas!

      Reply
  9. Willis says

    December 22, 2010 at 7:27 pm

    Having the same issue. I cannot even submit a security ticket through godaddy (ive tried in 3 browsers), always comes up with an error saying that the “question” field is mandatory, however there is no question field. All fields I need to fill in are filled in.

    My site has slightly over 35000 posts, removing these by hand would take me a month.

    Tried calling godaddy, got disconnected, no callback yet. Unreal.

    Anyone have a solution yet?

    Reply
    • Regina Smola says

      December 22, 2010 at 7:50 pm

      Hi Willis,

      Sounds very frustrating. I am working with my support team to find the easiest solution. Hopefully we will have some results shortly.

      Reply
  10. Tom says

    December 22, 2010 at 7:44 pm

    Any way to remove the offending code from your posts without having to go into each and every one? 🙁

    Reply
    • Regina Smola says

      December 22, 2010 at 7:49 pm

      I am working on a solution to get it fixed. I will be posting something shortly. Speaking with my tech team now.

      Reply
      • Willis says

        December 22, 2010 at 7:51 pm

        Sounds great. Thanks.

        Reply
  11. Irshad Salim says

    December 22, 2010 at 8:17 pm

    my website got infected today. each post and page. how do i remove this script from each post sir?

    Reply
  12. Robert Nelson says

    December 22, 2010 at 8:18 pm

    Hi Regina
    The WP plug in Security Scan says wp-admin should be 644, however setting it to that creates redirection problems. Mine is now reset back to 755. Looking at some of your earlier posts, there have been other GoDaddy problems(personally I would only use them for Domain Name Registration.) I wish you and yours a Very Merry Christmas and the Happiest of New Year’s

    Reply
    • Regina Smola says

      December 22, 2010 at 8:25 pm

      Thanks Robert,

      Yes, I have seen that in the WP Security Scan plugin. However, if you changed your directory to 644 you cannot access your wp-admin section. The highest you should set the directory to is 755.

      I use GoDaddy for my domain registrations and I host at HostGator.

      For those that want to use my affiliate code (wink), go to https://wpsecuritylock.com/hostgator. You can save money by putting in our special coupon code at checkout: wpsecuritylock

      Hoping to have a hacker free Christmas and my New Years resolution is to take down twice as many hackers as I did this year!!! 🙂

      Reply
    • Regina Smola says

      December 22, 2010 at 8:26 pm

      Just found another HACKER SCRIPT file on an infected website, must be the trigger file:

      file name: fritz_rather.php.

      I am going to update this post with more info. Look at post above for details.

      Reply
      • Willis says

        December 22, 2010 at 8:45 pm

        I had a similar file, although I can’t figure out the name of it cuz I deleted it and emptied my recycle bin. I actually had two php files in my root directory I didn’t recognize and one txt file. All 3 were deleted.

        Reply
      • JohnR says

        December 22, 2010 at 8:53 pm

        Thanks a lot Regina for the heads-up! Where did you find it – are/were those files put in the root html directory?

        Also, if my site were to be hit with this, would restoring from my last good WordPress SQL database be enough to fix it?

        Thanks!

        Reply
        • Regina Smola says

          December 22, 2010 at 9:38 pm

          Hi John,

          That’s a very good question. It depends on how old your database is.

          Unfortunately, the trigger files (all named different on each website) were uploaded on or around 11/10/2010 as a ticking time bomb. Obviously it went off today or yesterday and wrote to the database. I hate that the trigger file was sitting on the server undetected for so long. Who knows what else they are planning. Scary stuff.

          I am not sure if there was also a trigger written to the database. Hopefully not.

          Read the above post in about 5 minutes for an update on how to fix your site.

          Reply
          • JohnR says

            December 22, 2010 at 9:50 pm

            Thanks Regina. Even though these attacks are different than the previous ones (SQL injection instead of PHP file modifications), the source seems to be coming in on the same vector as before – a dropped foreign PHP trigger file that is later executed,

            One good tool to catch this might be the free WordPress File Monitor plugin – it can be set up to constantly monitor important parts of your web server’s filesystem for new/different/deleted files, and then alert you to any changes via email (which can be sent to your cellphone provider to text message you if you prefer).

            http://wordpress.org/extend/plugins/wordpress-file-monitor/

            I just installed it in the hopes that maybe I can sleep a little better tonight.

      • Ron says

        December 22, 2010 at 9:24 pm

        The name on my malware php injection file was alasdair_elaine.php, but I have the same problem across all my hosted GoDaddy WP blogs with no locatable source in my script aside from that listed file. Apparently it may be attacking databases directly this time. I’m taking my various websites offline until I hear more.

        Also, I’m going to go cry into a bottle of bourbon, but that’s less helpful.

        Reply
        • Regina Smola says

          December 22, 2010 at 9:35 pm

          Ron,

          Thanks for your comment, but sorry to hear about your websites.

          I am updating this post in a few minutes with a solution. Please stand by.

          Reply
  13. Willis says

    December 22, 2010 at 10:00 pm

    SOLUTION!

    you can view the solution at:
    http://newmusicreviews.net/sqlquery.txt

    I would paste it all here but the SQL query will change.

    Reply
    • Regina Smola says

      December 22, 2010 at 10:51 pm

      Thanks for the info and the great conversation! I updated my post above with your information – 12/22/2010 at 10:30pm.

      You’ve helped alot of people tonight. We are all very grateful.

      Have a Merry Christmas,

      ~ Regina Smola

      Reply
    • Ryan says

      December 22, 2010 at 10:28 pm

      Willis, thanks a bunch for this! I’m sure it will be extremely helpful for everyone here. Oddly enough the script has magically removed itself from thousands of files in my database. I’m guessing GoDaddy ran a similar script to the one you mention above. Ahh, now let’s just hope there’s no traces left behind!

      Reply
  14. Ryan says

    December 22, 2010 at 10:01 pm

    Any news on this? I just got off the phone with a GoDaddy rep (3rd call) in order to try to fix this issue. Most recently they told me to fill out this ticket form that they just created for this issue: http://www.godaddy.com/securityissue

    Fill out and submit the ticket. They claim that they’ll have a fix for this acrossuniverseitbenet script, but who knows when? My site is down and thousands of files are infected. Arghh… what a Merry Christmas…

    Reply
  15. Sheri says

    December 22, 2010 at 10:18 pm

    I followed your directions to put my site in maintenance mode and everything looks like it worked, but now I can’t get in the back end to try to edit something to see if I have any odd script there. It gives me this message:

    “There doesn’t seem to be a wp-config.php file. I need this before we can get started. Need more help? We got it. You can create a wp-config.php file through a web interface, but this doesn’t work for all server setups. The safest way is to manually create the file.” (And there is a tab to manually do it.)

    I’m new to this so not sure what I am doing! Also not sure how to proceed–guess I’ll wait till I hear something from you all.

    Merry Christmas to all!

    Reply
    • Regina Smola says

      December 22, 2010 at 10:38 pm

      Hi Sheri,

      Thanks for your question. Putting it in maintenance mode disables your database from posting on your website until you clean the database. There should be some bad files on your server with weird names to delete, then follow Willis’s instructions to fix the database.

      Once you’re done, then reverse my steps so you’re now longer in maintenance mode.

      P.S. If your site is infected, you don’t want to go in the admin anyways. Stay off your site until it’s fixed to protect your computer.

      Also be sure to run full virus scans to make sure it’s clean.

      Reply
    • Willis says

      December 22, 2010 at 10:38 pm

      You need to rename the files back to the way they were.

      “index.php file to something else (for example: index-hold.php).
      wp-config.php file to something else so no other pages connect to the infected database (for example: wp-config-hold.php).”

      So if you renamed index.php to index-hold.php, you need to rename it back and reupload to your hosting account.

      Reply
  16. Kathy Pop says

    December 22, 2010 at 10:44 pm

    Thanks Regina for alerting us! I too host most of my sites at Hostgator and those are fine. My others seem to be alright too.

    I guess we should be sure to backup our databases often, then just restoring from the latest backup would make solving the problem so much easier.

    I took the advise I learned at the Telesummit about setting up an email just for site backups. Once you have several sites, it really helps.

    Take care and have a safe holiday

    Kathy Pop

    Reply
  17. Roy says

    December 23, 2010 at 12:03 am

    Regina, just wanted to say thanks for all the heads up, we checked all our servers and everything is fine. Fine work you do here, keep it up.

    Roy

    Reply
  18. Michaela says

    December 23, 2010 at 12:40 pm

    I just checked and noticed a suspicious time stamp on many of my folders dated 11/15/2010 around 2:40pm. However, since that time, I did update to the latest WordPress and updated all of my plugins as well. So this time stamp is only on folders that were not updated (ie, ones that hold images and other non-php files). What else should I look for to make sure my sites aren’t infected?

    As always, much thanks!

    Reply
  19. Regina Smola says

    December 24, 2010 at 3:44 pm

    Yesterday, I received an email from GoDaddy regarding this attack. They have posted information a message for all customers affected on their community blog. You can read “Security Update: Malware Affecting Some Databases” here >> http://community.godaddy.com/godaddy/security-update-malware-affecting-some-databases/.

    Sorry for the delay in posted, had a Internet outage here from a winter storm.

    Reply
  20. johnny says

    January 3, 2011 at 2:31 pm

    Received an email from godaddy support on 1/1 concerning 1 of 5 wordpress sites I have hosted. It said “If the code being detected is not yours, you will need to review your site to determine how the code was uploaded to your site. If you are using a content management system (such as WordPress or Joomla) you should update it to the latest version to ensure any security holes are closed. If you remove the code without determining how it was uploaded to your site, there is a very strong possibility that it will simply be replaced by whoever initially uploaded it.” Despite my promptly installing new wp updates, this does not seem very reassuring that gd has taken appropriate steps to prevent recurrence of what seems a primarily gd-directed attack.

    Reply
    • Regina Smola says

      January 4, 2011 at 3:38 pm

      That response is terrible! I would request an ftp log immediately and look to see if there are any other IPs besides yourself, change all your passwords (GoDaddy account, FTP, database and all users with administrative rights inside your WP dashboard), and then change the Authentication Unique Keys and Salts in the wp-config.php. Then check your permissions on the server and make sure all directories are set to 755 and files set to 644.

      I would also check to make sure that there are not any “unusual” files on your hosting server. Also do a search inside your database for acrossuniverseitbenet and/or follow Willis’ fix – https://wpsecuritylock.com/malware-attack-acrossuniverseitbenet-hacks-wordpress-sites/comment-page-1/#comment-2549.

      If you need any help, please let me know.

      Reply
  21. stu rader says

    January 4, 2011 at 5:15 pm

    GoDaddy is suppressing the obvious, and why should they care if it creates a need for people to spend more money. Also, what’s obvious to me here is that everyone needs to be aware the number one attack method is for bot herders and exploit attackers to manifest scripts into your .js (javascript) files via open ftp connections.

    Don’t use ftp, use a “Shell” or at a minimum sftp. sftp is either something your host offers free or as an add-on. Not having it is quite costly especially if you run multiple blogs BECAUSE: Once you have an “open” ftp connection established with FileZilla or whoever you FTP client is, the intercepting bots can install the malicious scripts (usually a big chunk of code starting with “<try" at the bottom of the file) in all your blogs running on that server simultaneously in hundreds of places. Icky stuff indeed.

    The best fix and this is NOT for the meek or unfamiliar – do this: ZIP your entire site via your file control panel and download it to your computer. DO NOT use ftp and DO NOT unzip the files. Scan them with AVAST or another reputable scanner. It will tell you the exact locations of all the bad scripts whether they be in wp-contents, plugins, themes, includes etc. Then you can easily go into each file using your online editor and simply erase the script or replace it with a new clean copy.

    Not an easy process, but if you've ever had 10 blogs infected at once, you will be better prepared in the future to never have this happen again.

    hope this helps,
    stu

    Reply
    • Regina Smola says

      January 4, 2011 at 7:32 pm

      Hi Stu,

      Excellent advice! Thanks so much for your comment and sharing.

      I never use anything less than SFTP unless the site I’m working doesn’t have it enabled. Then I advise my client to have it enabled by their host or move to a hosting provider that has it.

      What’s amazing to me is how many sites I work on that are hacked, still on PHP 4, WordPress 2.8x, 15+ outdated plugins, a username as admin, and a password of password123 for everything.

      All we can do is spread the word on how to be safe and give advice, like your info about scanning site files with AVAST and using SFTP as a minimum. Thanks again!

      Reply
      • stu rader says

        January 4, 2011 at 8:02 pm

        My pleasure Regina.

        If someone takes the time to do a real self hosted WordPress install from scratch, they obviously made the effort to understand that it’s just a little harder than falling off a log – but you gotta hand it to them, they wanted to get online and blog – which is the beauty of the software – staying up to date with it is a matter that can trail behind after they made the initial effort. Then of course you have the fantastico and other script installers which may seem easier but can cause headaches down the road . . . of which you are well aware.

        By the time I go through 20 client blogs in a week of update work, I sit back and say, “Ok, which one did I miss”. lol

        See ya on the other side.
        Stu

        Reply
        • Regina Smola says

          January 7, 2011 at 8:53 am

          You are so right, Stu. I love WordPress, and yes there are updates to do, but that happens with any content management system. A little elbow grease goes a long way.

          Reply
  22. Roy Randolph says

    January 4, 2011 at 10:02 pm

    Maybe this is a topic for another thread, what security issues have you seen with installing WP with software installers like Fantastico, SimpleScripts, Softaculous etc?

    Reply
    • Regina Smola says

      January 6, 2011 at 1:41 pm

      Hi Roy,

      Thanks for your question. There are security risks using auto installers. I will create a post tomorrow showing the risks of using auto installers for WordPress.

      Reply
    • Regina Smola says

      January 7, 2011 at 8:51 am

      Just added my review of why not to use auto installers, like Fantastico. You can read it here.

      Reply
  23. blkcatgal says

    January 7, 2011 at 1:39 pm

    My site was one that was affected by this attack. I host with GoDaddy and when I first contacted them about the problem, they denied that there was a problem. I immediately signed up with Securi and they cleaned my site. When I called GoDaddy back about it and filled out a support ticket to at least let them know that my site was affected, I was told that security of my site was my problem, not theirs. I am looking to change hosting companies now.

    Reply
    • Robert Nelson says

      January 7, 2011 at 9:54 pm

      Good thinking BikeCatGal, I would suggest HostGator. Only thing GoDaddy is good for is registration of domain names and even then there are probably cheaper deals available

      Reply
      • Regina Smola says

        January 8, 2011 at 10:38 am

        I second that Robert! I’ve never had a problem with my domains being registered at GoDaddy. Plus, the domain manager interface is great. I also host with HG.

        Reply
    • Regina Smola says

      January 8, 2011 at 10:35 am

      Yikes! Not a very good response, but ultimately you’re responsible to have a secure website for your visitors, which includes hosting it somewhere that’s safe. A good one is HostGator (that’s my affiliate link). To save, enter in our coupon code: wpsecuritylock

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Let’s work together:

Get in touch with us and send some basic info about your project. Don't be shy, we can help with just about anything.

Contact Us!

Footer

  • Facebook
  • LinkedIn
  • Twitter

Contact

Call 815-600-7270
Contact
Mo,Tu,We,Th,Fr 9:00 am – 5:00 pm

Get WordPress Help Now

Chat With Us!
Submit A Support Ticket

Copyright © 2025 | WP Security Lock, Inc