Forums

WordPress › Support » How-To and Troubleshooting

12347

2.9.2 site hacked (188 posts)

  1. yaysloths
    Member
    Posted 1 year ago #

    The fix posted by dd@sucuri in this thread seems to have worked like a charm for my affected site (I'll link to the page with the fix here in case impatient people are skipping to the end of this thread).

    For the record, all of my wordpress sites have been running 2.9.2 since its release, and only one site was affected by this latest b.s.: the one hosted on a shared linux server at GoDaddy. My friend's BlueHost sites were fine and all the sites on my own server were fine. So GoDaddy's statement that this was a problem affecting only people running outdated versions of WP is just ridiculous.

  2. Steve D
    Member
    Posted 1 year ago #

    NS put it plainly and honestly today.

    This “.nts” file addition is occurring mostly within the structure of customers’ WordPress installations, however the issue is not with WordPress.

    I give them credit for going all out to protect customers even if painful at times after they realized it wasn't just a WordPress issue but something a little more serious that needed to be contained.

    Obviously there is still work to do but much progress has accomplished in neutralizing a serious threat. What other choice is there?

    I wouldn't take anything for granted if I was any hosting company in this country you could be next.

  3. helpme11
    Member
    Posted 1 year ago #

    my site is hosted on a linux server at GoDaddy and its messed up.

  4. helpme11
    Member
    Posted 1 year ago #

    my site is still down!! my traffic has plummeted - what a disaster....

    what happens after i get the site back up... will i be penalized by search engines for having a dead site for almost 5 days!!!

  5. helpme11
    Member
    Posted 1 year ago #

    i was advised to take the site off because the script or code or php code could possibly spread to visitors - so my friend took my site down to get it fixed.

    i didnt want visitors to get hit too!!

    i did a godaddy search on hacking and wordpress and i realize this isn't the first time this has happened.

    so if this happened again... and again... its most likely going to happen once more...

    can you both wordpress and godaddy please hire someone who can stop this.. start looking at IT resumes... and get someone on top of the IT skills game!!

    put this on your agenda in the next meeting!!

    if your reading this... please.. add this as an action item!!

  6. weddingcakes
    Member
    Posted 1 year ago #

    One of my wordpress blog which is hosted on godaddy got this junk code/malware a few months back, so i did a clean re-install but looks like its hacked again. Am currently taking it to hostgator, doing an absolute clean install and just praying that it does not comes back.

    just wondering, can't these hosting providers take some legal action against hackers like this?

  7. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 1 year ago #

    If they could catch them, yes.

    Alternately, I'd check my SLA with the host and see if I could sue (or get recompensation) from them for poor security. If indeed it's my host and not me.

  8. weddingcakes
    Member
    Posted 1 year ago #

    @Ipstenu, why can't a host as big as godaddy/bluehost/hostgator can not catch a hacker, and we all can be sure of one thing that its certainly not a consumer's fault, so many people are getting hacked... it is no longer a problem of a few people...

  9. Steve D
    Member
    Posted 1 year ago #

    New tricks by the criminals.

    DO NOT GO to this story. You'll be attacked instantly.

    Mass Shared Host Website Hack
    ‎Ghacks Technology News - 1 hour ago
    These servers host multiple websites by different users. Affected web hosting companies are Go Daddy, Bluehost, Media temple, Dreamhost and Network ..

    5/9/2010 11:06 AM,High,
    An intrusion attempt by www1.firesavez7.com was blocked

    Risk Name HTTP Fake Scan Webpage 5
    Attacking Computer www1.firesavez7.com (209.212.149.20, 80)
    Attacker URL www1.firesavez7.com/107a9dcdafc2f5304469e3e909971c691f503009011.js
    Traffic Description TCP, www-http

  10. Steve D
    Member
    Posted 1 year ago #

    Alright here we go.

    Ghacks Technology News
    Current Registrar: GODADDY.COM, INC.

    He's been hacked.

  11. helpme11
    Member
    Posted 1 year ago #

    okay my site is back from being offline for 6 days... my traffic on analytics has gone to 0-26 from 10,000 visitors a day plus

    my site was hosted on godaddy and using wordpress.

    I had the newest version of wordpress

    (I love wordpress by the way!!!! - its so easy for me to use not even know anything about HTML coding etc.... i love it)

    My IT expert who helped me get my site back said:

    I got a script put into my site
    I use a shared server which makes it vulnerable
    And All he did was move my site to a new folder.
    And on the hosting site i had an old copy of wp sitting there. (which i didnt' use - and should of deleted)

    So Im back with my site up!!

    It cost me some money to pay my IT expert. not much.

    This internet world is not as fun as I thought it would be.

    Till next time!

    Everyone have a great day! until another hacker screws us again.

    Well if you the hacker or ????? and are reading this. I say KARMA to you.

    Have a wonderful day to all. :)

  12. wilkies0106aw
    Member
    Posted 1 year ago #

    I'm not with GoDaddy, I'm with a "front" for them. Has anybody told 'GDsupport' that this is affecting the 2.9.2. version? Support response is to upgrade to 2.9.2. I told my support, I'm already on 2.9.2 .

    They said oh we didn't know that it was affecting 2.9.2 users. This being despite I've emailing my support lot 3 times.

    http://community.godaddy.com/godaddy/wordpress-compromised-how-to-fix-it/

  13. abhi_qa
    Member
    Posted 1 year ago #

    Hi, My wordpress site on godaddy hosting also got infected but a simple script to automatically clean this up for you:

    http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

    I just cleaned a few sites using it and takes less then 5 minutes.

  14. wilkies0106aw
    Member
    Posted 1 year ago #

    Just thought I'd let you know. I've a site that is not WP. It is literally a couple of html pages on the same shared hosting. I had a couple of Add to Cart buttons that where not appearing. They hook into a payment system.

    I thought what the heck, ran the script that has already been posted several times. All is back to its goodness.

  15. ClaytonJames
    Member
    Posted 1 year ago #

    Alright here we go.
    Ghacks Technology NewsCurrent Registrar: GODADDY.COM, INC.
    He's been hacked.

    The registrar is Go Daddy.. but I think I'm seeing ghacks.net as hosted by Cogswell Enterprises ( could be wiredtree.com? ). I think the commonality there is just the name servers-
    ns17.domaincontrol.com, ns18.domaincontrol.com. If you take a look at some samples of the domains using those name servers, and the registrars for those domains, it all looks familiar.

    NS18.DOMAINCONTROL.COM SUMMARY
    Domain Name domaincontrol.com
    IP 208.109.255.9
    IP Location Scottsdale, AZ, US
    http://who.is/whois-ip/208.109.255.9/

    But you can't read anything into that information, or jump to any conclusions from it. It's just very interesting to follow all the breadcrumbs.

  16. lawless
    Member
    Posted 1 year ago #

    Here's GoDaddy's response on their Support page:

    http://community.godaddy.com/godaddy/wordpress-compromised-how-to-fix-it

    Pretty lackluster considering the scope of this problem.

  17. wilkies0106aw
    Member
    Posted 1 year ago #

    I don't know how, but my sites seem to have become infected again despite running the script and doing various other things to secure my site.

  18. calvin13
    Member
    Posted 1 year ago #

    It is happening again:

    http://blog.sucuri.net/2010/05/lots-of-sites-reinfected-now-using.html

    Probably a security hole in Godaddy...

  19. wilkies0106aw
    Member
    Posted 1 year ago #

    The irony is I didn't even bother phoning my support guys this time around. I'd get that dumb look and "we don' support scripting" answer I always seem to get. Yet,I somehow don't think GD will say it is a security hole in their system.

  20. calvin13
    Member
    Posted 1 year ago #

    I would try to send your problem to:

    https://www.godaddy.com/securityissue

    I did it a couple hours ago... I'm waiting a response...

  21. Inv_Trdr
    Member
    Posted 1 year ago #

    I am running my site http://invictatrader.com on GoDaddy also. Even though I am on WP version 2.9.2 this is the second time in less than 2 weeks this happened. Will try running the script.

  22. wilkies0106aw
    Member
    Posted 1 year ago #

    Fired off another email to my hosting provider who is a front for GD.

  23. wilkies0106aw
    Member
    Posted 1 year ago #

    Scripted worked for me again. phew

  24. calvin13
    Member
    Posted 1 year ago #

    In my case, I have up to date wordpress (2.9.2), plugins, file permissions are ok, strong passwords... and i was hacked twice (my blogs and my bbpress forum)...

    I have a Mac, so, i don't think it was a problem of virus in my computer...

    I have another hosting account in bluehost and i haven't had any problem...

    I think the problem is Godaddy...

  25. Inv_Trdr
    Member
    Posted 1 year ago #

    I ran the script and it said it was done but my login page is still funny. Will see if it fixed all the files.

  26. wilkies0106aw
    Member
    Posted 1 year ago #

    After the last round. I changed all my passwords to twice the length. Thankfully never used the default admin username for anything.

    Changed the sql table prefix and installed the wp security scanner plugin and ran that too.

    I'm certainly no WP or SQL whizz.

    I'm told I'll have a response within the hour....mmm. It's getting late where I am.

  27. Samuel B
    moderator
    Posted 1 year ago #

    the problem is definitely godaddy

    and again

    http://www.blogtips.org/how-to-cure-your-godaddy-wordpress-hacked-blog/

  28. wilkies0106aw
    Member
    Posted 1 year ago #

    Surely there must be a best practice guide for shared hosting? I wonder if GD follow it or how do they host compared to others i.e. Bluehost.

  29. Samuel B
    moderator
    Posted 1 year ago #

    I find it interesting that at NetWork Solutions when they got hacked massively, they were very transparent about it - admitting it was not wordpress but their own problem...yet godaddy is trying to hide and down play this hack to their servers

  30. wilkies0106aw
    Member
    Posted 1 year ago #

    I'm just so grateful for the script. I'd suspect GD is running scared. They don't either know what is causing it or who. Or more likely how to fix it.

    They'll be worried people will leave them as a hosting provider. The irony is most people wont.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags