2.9.2 site hacked (188 posts)

  1. Daniel Cid
    Sucuri.net Support
    Posted 6 years ago #

    Happened today again at GoDaddy.

    This time pointing to: http:// cloudisthebestnow.com / kp.php

    Details: http://blog.sucuri.net/2010/06/godaddy-sites-hacked-with-cloudisthebestnow.html

    The script still works:

  2. SKMapro
    Posted 6 years ago #

    My blogs hosted on godaddy were hacked today (6/8 at 2:24pm) with the base 64 code. I am new to the world of websites, but found this forum and particularly drcopy's post from 3 weeks ago very helpful.

    My dashboards were showing up as pure text and wouldn't let me edit or add any new pages or adjust the content. Then I found the extra text in php files and saw they had all been changed this afternoon.

    For any other newbies like myself, I used drcopy's advice:
    "But since I am with GoDaddy, I use their "history" feature in the file manager. When I see that my sites are infected, I delete every PHP file in the root directory and delete ALL WP folders. Then I go back a day with the history feature and restore all these files. This takes just a few minutes. Done. Problem solved...until the next hack. "

    Google " godaddy restoring a linux hosting account" if you don't know how to do the above- I didn't. Then the only thing I was temporarily confused about was if you restore the files, godaddy will make you change the file names to include "restore" before you can finish the process. So then you've got to select them all and hit "rename" up in the tool bar and go back and take all those 'restore' additions out so they have their original names. At least, that's the way I did it, and it worked. If there's a way with less steps, maybe someone will let us know!

  3. ardvark
    Posted 6 years ago #

    I got it again with WP 3.0. I'm on Dreamhost and not sure what to do to prevent this. Sure, the fix seems to work, but I have pushing out these hacks to site visitors and I would like to resolve this once and for all.

    I have changed all my hosting passwords as well as my WP administrative passwords and they are extremely secure.

  4. herwitz
    Posted 6 years ago #

    Hi Everyone,

    My WordPress blog - which lives at http://christian.herwitz.com - is all kinds of messed up. If you navigate to the site, you'll see that it launches a bogus Windows-esque malware scan (http://www1.glory4.co.cc/?p=p52dcWplanKHjsbIo22AgXOOipnVbWGWZInT1m6uqG2Lw8ydb5aYh5mamavKU9janW2QZWVslmSUaGGeZYnX15Krp6mikomqb1qtnaygnXaHk83Slm1Tqpud22qImaCjXpqYkWJwYGiWj5Rpa1qrmZ5xoK3VnZ6VYJOVppur2JbDnl7OktXbzKWxYJnUzpJfpqd2ZWprb3CXZJqaaVahp2R1lV%2BZZ2ecZJmYm1ealXO6tImwm5h2bWto), trying to get you to download executables. Google Webmaster Tools isn't picking up whatever's doing this, so does anyone here have any suggestions?

    My site's on Bluehost, with WP 3.0, and the sucuri.net fix doesn't seem to work.

    Thank you for your help!


  5. Manish
    Posted 6 years ago #

    All my WP sites at HostMonster got hacked 3 days back !
    I have sun the sucuri script and alls well but whats the permanent solution ? Is it being discussed in any other thread here ?

  6. Daniel Cid
    Sucuri.net Support
    Posted 6 years ago #

    nims: I don't think there is anything you can do, since those are mass attacks against hosting companies.

    It looks like Godaddy fixed their servers, since no one else got hacked there. However, Bluehost and dreamhost keep getting hacked. The last one was from whereis dudescars .com:


  7. danjenkins
    Posted 6 years ago #

    yes i am on dreamhost and sites hacked again. the two other hosts i have are fine.

    am going to solve this problem by moving my sites and cancelling my hosting with dh.

    when i ask for help dh says it's a wordpress issue. and wordpress forums say it's a host issue. becoming a sad joke.

  8. battlefieldmax
    Posted 6 years ago #

    danjenkins: try this host there very reliable easy to use and can help if your site is hacked again


Topic Closed

This topic has been closed to new replies.

About this Topic