ALERT:WordPress sites hosted on GoDaddy are currently under attack

alertMy usual morning ritual of reading some articles on WordPress while I’m having my Coffe lead me to this thread started by: Bishop3space

I manage a wordpress site for the company I work for and a customer sent us an alarming email yesterday about code being injected into our website for “Car Insurance”.

Injected Code

Basically the wordpress site is injected with a hyperlink that is positioned top:-999 so that the user never actually sees it but the search engine does. What is most surprising about this is the following:

  1. This code is not being generated within wordpress, it’s being injected via the Apache server (This was confirmed by completing deleting and whipping the webserver and then setting up a blank wordpress installation, the code is injected still).
  2. Not a single line of PHP on the webserver is generating this code, I’ve downloaded the entire server to confirm and searched all the php,javascript, html files and this code isn’t in existence anywhere in the source of any of the files.
  3. More Isolation test were conducted, whatever is injecting this code into the wordpress site its doing it on a higher level that the GoDaddy Customer has access to, we believe the code is being injected via the Apache server. Which means that Godaddy servers are being hijacked and Godaddy is keeping a tight lip on it.
  4. GoDaddy before was attempting to tell us that they aren’t responsible for our sites security and that we are responsible for securing and monitoring our site, which is fine if the problem was something that we had the ability to fix.After calling Technical support at GoDaddy and showing them the evidence that we collected to prove that nothing on our site was producing this injection code for “car Insurance” and that the problem was on their end. When we proved to them without a doubt that their apache servers were being hacked, they changed their ton of voice, they said that they would look into it and asked us not to tell anyone about this for “Security” issues.
  5. After doing a web search of sites displaying “By INSURANCQUO car insurance” 99% of the domains that are displaying this information in their meta data are:
  • Running WordPress
  • Running Godaddy hosting
  • Have been infected within the last week

After running more test and inspecting more code and getting professional opinion, It was concluded that “GODADDY, LLC” has been hacked. So If you are running a wordpress site on Godaddy hosting be warned, your site might be linking to either of the domains bellow,

1st http://loansavior.co.uk/ 2nd http://www.insurancequoteuk.co.uk/

We’ve been monitoring page(s) indexes from search engines since about 15 hours ago, this exploit or whatever it is, is spreading and its spreading fast. So far about 230,000 pages have been infected and its increasing by the hour. I tried searching around for any information about this current exploit but I haven’t found anything discussing it. Hoping to give enough warning to individuals before their site is compromised.

If you google search “By INSURANCQUO car insurance” in quotations and then sort by date you’ll see how current this threat it and how its targeting only “Godaddy” hosted sites.

Additionally there is a new version of the injected code being spawned as of about 8 hours ago , if you google search “By EVLNS payday loans and By INSURANCQUO car insurance” in quotations and then sort by date you’ll see another version of the same inserted script.

Note: I remember, last week that ANON was targeting wordpress sites although there is no evidence to suggest that this is connected to ANON yet it might be a good topic to look into.

There is only one thing to say: Backup your WordPress websites and monitore your outbound links


23 comments on “ALERT:WordPress sites hosted on GoDaddy are currently under attack

  1. I am sure this entry has touched all the viewers, its very essential post on building up new web-site.

  2. Pretty nice post. I just stumbled upon your weblog and wanted to say that I’ve really enjoyed browsing your blog posts. In any case I will be subscribing to your feed and I hope you write again very soon!

  3. Currently it looks like Drupal is the preferred blogging
    platform out there right now. (from what I’ve read) Is that what you’re using on your blog?

  4. You can follow the feed on Reddit.

  5. I read this editorial completely concerning the resemblance of hottest and earlier
    technologies, it’s amazing article.

  6. Attractive component of content. I just stumbled
    upon your web-site and in accession capital to assert that
    I get in fact loved account your blog posts. Anyway I’ll be subscribing to your augment and even I achievement you access constantly rapidly.

  7. I did not designed it my self neither hired someone, I just took the advantage of those awesome free wordpress themes. You can find a lot of them here 😉 http://winithemes.com/templates/rbf/orderby/theme_price:asc/

  8. Hey there would you mind letting me know which hosting company you’re working with? I’ve loaded your blog in 3 different
    browsers and I must say this blog loads a lot faster
    then most. Can you recommend a good internet hosting provider at
    a fair price? Thanks a lot, I appreciate it!

  9. Now then! I’ve been reading your website for a while now and finally got the courage to go ahead and give you a hello from Manchester. Just wanted to say keep up the fantastic job!

  10. Excellent blog! Do you have any tips and hints for aspiring writers?
    I’m planning to start my own website soon but I’m a little lost on everything.
    Would you propose starting with a free platform like WordPress
    or go for a paid option? There are so many choices out there that I’m completely confused .. Any recommendations? Appreciate it!

  11. You really make it seem so easy with your presentation but I find this topic to
    be actually something which I think I would never understand.
    It seems too complicated and extremely broad for me.

    I am looking forward for your next post, I’ll try to get the hang of it!

  12. I hardly leave a response, however after reading a bunch
    of comments here ALERT:WordPress sites hosted on GoDaddy are currently under attack | WPBuzzer.

    I actually do have a couple of questions for you if
    it’s okay. Could it be just me or do a few of the comments appear like they are coming from brain dead visitors? 😛 And, if you are posting on other online social sites, I’d like to keep up with anything
    fresh you have to post. Could you make a list of every one of your social sites like your Facebook page, twitter feed, or linkedin profile?

  13. Unfortunately I find myself looking for a new host today. Have used GoDaddy from the get go by sake of convenience, but I just don’t trust them anymore. About every 6 weeks I am having to reload all of my files to their server because of code injecting. Today the problem was code injection as well as old versions of my web pages showing up. This all happens without ever being connected to their servers. I am suspicious in that the first time this happened they tried to up sell me on the idea of paying another $5.95 per month for website security. They claim no knowledge of code modification issues.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: