You are here: Home / Blog / CONTINUING STORY – Dangerous Malware Alert – Self-Hosted Sites Hack Update – Go Daddy Responds!

CONTINUING STORY - Dangerous Malware Alert - Self-Hosted Sites Hack Update - Go Daddy Responds!

By 101 Comments

Dangerous Malware Alert - GoDaddy RespondsThe aftermath of the on-going hacks directed at major hosting services continues to cause pain with those trying to clean up and restore their sites.

Once again, we at WPSecurityLock.com want to stress that these attacks are not limited to any one platform or any one hosting company. We have had reports for not only WordPress installations, but Joomla, Pligg and "Simple Machines Forum" as well.

Monday, May 3, 2010, Go Daddy reached out to us to join them on a conference call. Go Daddy security and communications team members participated with our WPSecurityLock team. Be assured that they, as well as the blogging community, are frustrated but persistent on working through these problems.

We at WPSecurityLock want to emphasize that all parties must work together against the common enemy - the malicious hackers. WordPress, Go Daddy, Network Solutions and users with weak passwords are NOT the enemy. The attackers should be the focus, not the attacked.

The following is a statement from Go Daddy Communications:

Go Daddy Cares! Here's some info...

We do take our position as an Internet leader seriously, especially when it comes to security. This is why we are going the extra mile to get the word out. We appreciate your invitation to answer the question, 'What is Go Daddy doing to help?'

As the world's #1 Web host provider, Go Daddy is a logical target for speculation and misinformation. With this exploitation issue, both the prevention and the cure are not under our control -- because the customer decides whether to update the software they run. (If you think about it, it's like forgetting to lock your car and blaming the auto manufacturer when your car is stolen.) Our job is to help identify issues and inform our customers about how they can protect their sites.

This is why we are working to proactively communicate and educate Internet users about this situation.

Here are a few of the initiatives we have going right now.

As a service to our customers and all Internet users:

  • Go Daddy scanned our 4M hosted sites to identify sites impacted (we did this immediately upon learning about the issue last week, and again over the weekend).
  • Contacting Go Daddy customers impacted by phone and/or email to let them know how to protect their sites (in some cases, we've alerted them even before they realize they are impacted).
  • Go Daddy is also taking the leadership role with educational communication -- posting Help Articles to our Community & Customer Service pages to provide "1,2,3 Info" on how to properly update software.

    We'll update the Help Articles as needed and also be posting another Help Article with actual illustrations/screen shots to make the security update process easy for even the most remedial of Web users to follow.

Phil Stuart
Go Daddy Communications

We at WPSecurityLock are committed to educating our readers and getting the word out that security is no longer optional. Please take your blog and site security seriously and take the steps needed to lock down your blog. Go Daddy is making some strong efforts to keep out the attackers. We hope that GoDaddy.com reaching out to us and directly to their customers becomes a refreshing trend in customer service.

The customers out there are scared, mad and tired of restoring and rebuilding. Your voices are being heard! The tide of comments from you, our readers, has got their attention. Have you heard from Go Daddy? Have they reached out to you?

UPDATE 5/4/2010 at 3:15pm CST: Here's an updated statement from Go Daddy...

All info with Help articles can be found on our Community Page:
http://community.godaddy.com/groups/go-daddy-hosting-connection/forum/topic/wordpress-compromisedhhow-to-fix-it/

Phil Stuart
Go Daddy Communications

UPDATE 5/5/2010 at 3:00pm: We'd like to thank Scott from Go Daddy's IT Security Operations department for speaking at our teleseminar today. The audio replay is now available on the webcast page. If you missed this event, you can still register here and listen to the replay.

Scott has provided the following helpful links for you:

How to identify the version of WordPress you're using: http://community.godaddy.com/groups/go-daddy-hosting-connection/forum/topic/is-my-wordpress-version-up-to-date/

Our community thread on best practices for cleaning: http://community.godaddy.com/groups/go-daddy-hosting-connection/forum/topic/wordpress-compromisedhhow-to-fix-it

Upgrading WordPress the "best practice" way:
http://help.godaddy.com/article/6072

Form to contact our Security Team:
www.godaddy.com/securityissue

UPDATE 5/5/2010 at 5:00 pm: We have just uploaded a portion of today's WordPress Security Teleseminar with Scott from Go Daddy. You can listen to the audio by pressing the play button below:

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

Get Secure! Stay Secure!

Allen Dresser
for WPSecurityLock
http://InternetTechGuy.com

Regina Smola
Owner
http://WPSecurityLock.com

REGISTER NOW TO LISTEN TO THE AUDIO REPLAY WITH GO DADDY AND WPSECURITYLOCK!
You can still listen our WordPress Security Teleseminar Replay with special guest, Scott from Go Daddy recorded on May 5, 2010. Plus, you can still sign up for our May 19, 2010 at 9pm EST teleseminar. You can participate live from anywhere in the world. Click Here To Register Now!

Pin It
Filed Under: Blog, Malware and Virus Alerts, Web Hosting Tagged With: , , ,

Comments

  1. PinoyStitch says:
    May 12, 2010 at 5:27 am

    Malware strikes again! It redirects to holasinweb.com. This is the 3rd attack on GoDaddy. The last attack did not affect my zen cart. I had all the security measures in place. From that time I added another directory with the latest version 1.3.9b and it was password protected (directory). Everything was infected.

    From looking at the files, this was the activity that happened.

    5/11/10 @ 9:22pm a file called him_vivie.php was deposited and deleted from the root of my directory.*
    5/12/10 @ 2.08am it infected all the files

    *this means if you looked at your directory present time, you won't find any suspicious php file since it was already deleted.

    This could not have been an FTP compromise, I have changed my ftp to a very strong password and as I said, even the directories for admin and the other 1.3.9b has been password protected just to view.

    Is GoDaddy going to maintain this is another case of website not updated?

    Reply
  2. Sam says:
    June 10, 2010 at 2:33 am

    All our wordpress sites at godaddy have been hacked too.

    date 26 may10

    There is definitely some loophole in their hosting otherwise all customers hosting wordpress didn't had such problem between 24-30 may10

    Reply
« Older Comments

Speak Your Mind

*

You can add a link to follow you on twitter if you put your username in this box.
Only needs to be added once (unless you change your username). No http or @ Twitter