GoDaddy sites hacked again
After the massive hacks injecting malware into shared hosted sites from several providers back in April and May, it seems they are back at work.
Many sites hosted by GoDaddy are being hacked at the moment I am writing this post. Two of mine were affected an hour ago.
Update: Hit again this morning (Sept 21).
Here is a record of the September virus spree, as I saw on my sites (all CET – Central European Time):
- Friday Sept 17, 2010 – 23:30 CET
- Tuesday Sept 21, 2010 – 08:30 CET
The scenario is the same as a few months ago: Malware is injected into the .php files on the hosted sites, and the visitors of a site are getting redirected to a third website which injects a virus into the visitors’ computer.
At this moment, it seems also other hosting providers were/are attacked, so monitor your blogs. Check if it is infected regularly during the next days. If you get infected, run the script from this post, and your site will be cured in a minute.
You can also use the same script to verify if your site was infected. If you get the message
0 Infected Files in ./
… then your site is clean. If you get a list of infected files, click “Fix Files”, and within a few seconds, your site will be cleaned up. If you use a cache-plugin, don’t forget to clear your cache!
Note that if your site was infected, and you loaded the site yourself, your computer might be infected too. Many antivirus (MacAfee, Norton,..) programmes will NOT catch the infection. Download the free malware scanner from MalWareBytes to verify and cure the infection.
Best of luck to you.
Picture courtesy thenewnewinternet