So, when the Servers at GoDaddy get compromised who is to blame and who should have to fix things?
For me, this is the second time in month. When I first notice an issue, I call GoDaddy customer support. I call a lot. Sometimes, I get lucky and get someone who knows what they are doing. Sometimes, I get “Mr. Itshould work”. The one thing they all have in common is they start the conversation with a disclaimer that they are not WordPress and they are not in business to offer WordPress support.
Here is my first issue.
Go Daddy is offering a service that I am spending good money on. They should be able to guarantee their product. Their product, the server space, was compromised. Shouldn’t GoDaddy have to fix it since they couldn’t prevent the compromise? Anyone else selling a product would have to.
My second issue is this..
I call for help, more than 10 times- lost count- and everyone either tells me something different or ignores the fact that there may actually be something wrong. Do the GoDaddy techs ever consult with one another to share information and make something better? Any other work place would do this.
My biggest issue is this…
GoDaddy gives us instructions and send us articles on how to fix things our self. Do you think the average person knows what you are talking about with this ““eval(base64_decode(XXX))”)”. This latest attack hit EVERY PHP file I had! I attempted to remove this crap and I wound up removing a useful base64. I gave up and went to my history panel and reverted to last Wednesday. That and switching to my older version of Thesis seems to have helped. I’m going to reinstall a fresh current version.
My gripe is this- if I were running a company that provided a service, you had better believe that I would stand behind that service. GoDaddy’s servers were hacked- they should be the ones to remove the base64 junk. They’ve got the bucks (from us) to hire the knowledgeable individuals to do this. It would certainly save them money when people like myself bail on them. When I leave, I take my clients with me btw.
HERE ARE SOME FYI’s
WordPress blogs hosted on Go Daddy and other hosting companies were hacked by another malicious attack on April 24, 2010 at 6:54am. What was visible in the source code was <script src=”http://cechirecom.com/js.php”> located just above the </body> tag on all .php files.
This is dangerous malware! It tries to infect your visitors computers with a virus. If a visitor is not protected with a good, up-to-date anti-virus program, their computer will become infected. And it needs to be removed immediately. read more
Sid here. I want to warn you guys about a massive exploit that has hit a large number of Godaddy Hosted WordPress Blogs this weekend
This hack appears to redirect visitors upon arrival from Google and attempts to install malware on their computers. When I was visiting the site directly, whether logged in or as an Admin, even if I could see the malicious script in my view-source window I did not have any issues and it did not redirect me. This means your site could be hacked and infected and you may be unaware.
Read more From Blog Cast Fm
Cedar said 1 day, 20 hours ago:
Recently some people have been seeing malware injections into their WordPress sites and even though they have attempted to clean it, the malicious code resurfaces. This is usually because either the source of the compromise (usually outdated WordPress versions or weak FTP passwords) was not fixed, or the malicious code was not fully removed.
If you haven’t already, please read this message from our Chief Information Security Officer, Todd Redfoot http://community.godaddy.com/support/?ci=19370
Do you need to upgrade? Check what version of WordPress you have installed:
If you’re concerned you have been compromised with a malware script injection, you should perform the following:
1. Search your content (any .php file) for anything that contains ”eval(base64_decode(”. If you find it, please remove the entire line (i.e. “eval(base64_decode(XXX))”)
2. You should review the users you have in your wp-admin control panel and make sure there aren’t any you didn’t authorize.
3. Some malware files are hidden in image directories. Be on the lookout for .css or .jpg files that end with a .php extension such as wp-includes/js/tinymce/themes/advanced/skins/default/img/style.css.php
To remove the immediate threat:
1. Follow the step-by-step instructions to restore your site to a date prior to the compromised located at http://help.godaddy.com/article/5091
2. If you do not see the ”History” feature in the File Manager, please contact our support team 24/7 at 480-505-8877 for assistance restoring your site’s content.
To permanently fix your site:
1. Make a note of any customizations you’ve made, such as plugins, themes or any other modifications to the standard WordPress installation.
2. Use FTP or the File Manager to remove all files from the website, be sure to save anything that isn’t part of WordPress!
3. Reinstall WordPress through Hosting Connections or with the latest version from WordPress.org
4. Verify the WordPress users are correct and authorized
5. Re-install any plugins and themes you were using
6. Reload any additional.php files from known clean copy
This is the best method to ensure it is 100% clean, and to ensure the site was not attacked previously and has hidden backdoors loaded deep into the site.
It is extremely important to keep your WordPress software up to date and use strong passwords for your WP admin, FTP and Database, and that you don’t use the same password for all of them.
If you have WordPress installed on your hosting account but are not using it, we recommend removing it.