WP exploit? (8 posts)

  1. Aegaeon
    Posted 5 years ago #

    This might be WordPress or it might be GoDaddy, but my WP 3.0.1 site hosted on GoDaddy was defaced yesterday by iSKORPiTX, along with thousands of others running WP on a linux server (with everything updated). Here is my post on it >> http://netblog.aegaeon.ca/2010/10/30/iskorpitx-strikes-again/

  2. it's a server hack, not WordPress.

    Change your passwords, for wordpress AND your server itself, including SQL. Look into hardening WP, but also contact go daddy about securing your server itself.

  3. Aegaeon
    Posted 5 years ago #

    Thanks for the info! The GoDaddy reps thought it was WordPress, but I was leaning towards a GoDaddy issue (especially since the files were created by root).

  4. Hah, yeah, if the files are created by root, then it's a server hack, and tell the reps to escalate.

    Sadly, GoDaddy can be pretty dense about that stuff.

  5. Aegaeon
    Posted 5 years ago #

    I checked a bunch of sites the sites that were listed to be compromised on the same GoDaddy servers as myself, and some were running Drupal or Joomla instead of WP. So I'm even more certain that GoDaddy did something wrong and WordPress is still awesome!

  6. Go Daddy
    Go Daddy Support
    Posted 5 years ago #


    Just wanted to post a quick update regarding this. It is something we're aware of and was not centralized to WordPress users or Go Daddy. At this time all issues regarding this should be resolved and content restored. Be sure to let our support team know if you're still seeing issues with your account so we can assist in addressing them. We've posted further details on our site through the following URL:



  7. dremeda
    Sucuri Wizard
    Posted 5 years ago #

    If you're still experiencing issues, take a look at this post:


    There is a script to fix if this is the attack that is affecting you.

  8. Aegaeon
    Posted 5 years ago #

    Thanks for the info! So iSKORPiTX could be doing all of these mass defacements on hundreds of different servers via the GLibC exploit?

    Sorry for jumping to conclusions that it was specifically GoDaddy's fault!

Topic Closed

This topic has been closed to new replies.

About this Topic