You are here: Home / Blog / Breaking News: WordPress Hacked with holasionweb on Go Daddy!

Breaking News: WordPress Hacked with holasionweb on Go Daddy!

By 118 Comments

Wordpress Hacked Godaddy Holasionweb Realsafe-23WordPress sites self-hosted on GoDaddy.com are reporting being maliciously hacked today with <script src="http://holasionweb.com/oo.php"></script>!

Warning: This is dangerous malware! Anyone visiting an infected website can get their computers infected, if they do not have a up-to-date anti-virus program using the latest threat definitions. If you receive a message to download anything when visiting an infected site, do NOT click "yes" or "okay" to download.

If your website is infected, put it down for maintenance immediately. There are instructions on how to do so at this post.

We have also received reports that this not only affected WordPress installations, but Joomla and other php-based platforms.

Here's the holasionweb symptoms:

  1. Infected sites get redirected to a fake AV (scareware).
  2. Some home pages are not showing the virus, but when clicking on a post or page, you will see the redirect (below).
  3. Redirects to a blank page at www.1.realsafe-23.net/?......
  4. Source code reveals <script src="http://holasionweb.com/oo.php"> in the the header section </head> of the infected pages.

Wordpress Hacked Godaddy Holasionweb Realsafe-23

How to fix your hacked WordPress site on GoDaddy.com

  • We have written up instructions on how to remove malware and restore your WordPress site here.
  • David Dede, of Sucuri.net, has written more information about this malware and created a simple clean up solution here.

We have informed Go Daddy's Security Department. We will continuously add updates to this post as they become available.

UPDATE 5/12/2010 at 10:15am: We have heard from Go Daddy. They are aware of this current issue and will be providing us with information soon.

UPDATE 5/12/2010 at 12:00 pm: Here's a statement we just received from Go Daddy to share with you.

Bloggers,

We've identified and are working with the provider and hosting company from where the attacks are originating. With the help of the blogging community, we're close to breaking additional details related to recent malware attacks. Additional information will be provided to the other hosting providers involved in the same situation and the blogging community as available and as appropriate.

In the meantime, we've posted some perspective, additional information and quotable tidbits on the Go Daddy Blog: What's Up with Go Daddy, WordPress, PHP Exploits and Malware?

- Noah Plumb
Go Daddy Communications

UPDATE 5/11/2010 at 2:00pm: We are receiving reports that other hosting companies are infected with this malware. So it is spreading. Thank you for all your comments. We are doing our best to read and approve incoming comments, while we fix hacked websites.

VERY IMPORTANT!!! UPDATE 5/11/2010 at 5:20pm: Change your database password immediately. We are finding some sites that have mystery files contain database information that was copied from the wp-config.php file.

Securely yours,

Regina Smola
Follow me on Twitter
Follow WPSecurityLock on Twitter

Related Posts:

Filed Under: Blog, Malware and Virus Alerts Tagged With: , , , , , , ,
About Regina Smola

Regina is a sought-after WordPress Security Expert, Speaker, Author and owner of WPSecurityLock.com and WPSecurityClub.com.

She has helped thousands of WordPress users tighten security on their WordPress blogs and written numerous articles, books and action guides on securing self-hosted WordPress websites.

Regina provides WordPress Security Services for clients with both new and existing WordPress websites. She also offers individual consultations and group training on WordPress security. More about Regina Smola.

Speak Your Mind

*

You can add a link to follow you on twitter if you put your username in this box.
Only needs to be added once (unless you change your username). No http or @ Twitter
Stop SOPA