Original post from http://blogcastfm.com
Hi guys,
Sid here. I want to warn you guys about a massive exploit that has hit a large number of GoDaddy Hosted WordPress Blogs this weekend.
This hack appears to redirect visitors upon arrival from Google and attempts to install malware on their computers. When I was visiting the site directly, whether logged in or as an Admin, even if I could see the malicious script in my view-source window I did not have any issues and it did not redirect me. This means your site could be hacked and infected and you may be unaware.
I noticed a couple key giveaways:
- In view source, you will see <script src="http://cechirecom.com/js.php"> located just above the </body> tag on all .php files. If you view source and see this, that’s cause for alarm.
- When logged in, you’ll have a screwed up WordPress dashboard. Basically it looks like it is messing up the loading of some CSS in the WordPress Admin area, causing everything to look like the image below:
When arriving from Google, a hacked website will redirect to http://www2.burnvirusnow34.xorg.pl/
The good news is this attack appears to be based only on your actual files – not your database. That’s relatively easy to clean up. In GoDaddy you should be able to revert to an old version of your files (go to April 23rd or before and you should be fine).
The bad news is we don’t know at this point how the hackers are gaining access.
So far, here’s what I’ve found out about GoDaddy’s stance, from another blog that’s also covering this issue:
“Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. However, if a virus is detected, you will be notified. The overall security of your password and the content within your account is your responsibility, as password compromises and compromises due to scripting can only be prevented by you.”
Please forward this post to your friends, and help us get the word out. It looks like this has compromised a large number of blogs, and especially since it happened over the weekend, there’s a good chance many bloggers haven’t noticed it.
For more information on fixing the issue, please see this post: Cechriecom.com.js.php – WordPress Hacked on Godaddy
This is not your normal BlogcastFM blog post, but since we were hacked this weekend and unaware of the issue for a couple days, I felt we had to say something since our audience is bloggers – and help educate you guys in case you have the same problem. We’ll resume with our normal interviews tomorrow.
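The file-level check the post describes (the cechirecom.com/js.php script tag sitting just above </body> in .php files) can be run across a downloaded copy of the site. The following is an added example, not code from the original post; it assumes the tag appears literally in the files on disk, and the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Indicator taken from the post: a script tag loading cechirecom.com/js.php.
INDICATOR = re.compile(
    r'<script[^>]+src\s*=\s*["\']?https?://(?:[\w-]+\.)*cechirecom\.com/js\.php[^>]*>',
    re.IGNORECASE)
BODY_CLOSE = re.compile(r"</body\s*>", re.IGNORECASE)

def scan_file(path):
    """Return [(line_number, near_body_close), ...] for each indicator hit."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    hits = []
    for m in INDICATOR.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        # The post places the tag just above </body>; look 200 chars ahead.
        near = bool(BODY_CLOSE.search(text[m.end():m.end() + 200]))
        hits.append((line_no, near))
    return hits

def scan_tree(root):
    """Walk root and return {relative_path: hits} for every flagged .php file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                full = os.path.join(dirpath, name)
                hits = scan_file(full)
                if hits:
                    findings[os.path.relpath(full, root)] = hits
    return findings

def build_sample_tree():
    """Constructed sample data: one clean and one modified file in a temp dir."""
    root = tempfile.mkdtemp(prefix="wp_scan_")
    theme = os.path.join(root, "wp-content", "themes", "demo")
    os.makedirs(theme)
    clean = "<?php get_header(); ?>\n<p>hello</p>\n</body>\n</html>\n"
    bad = ("<?php get_header(); ?>\n<p>hello</p>\n"
           '<script src="http://cechirecom.com/js.php"></script>\n</body>\n</html>\n')
    for path, body in ((os.path.join(root, "index.php"), clean),
                       (os.path.join(theme, "footer.php"), bad)):
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, hits in sorted(scan_tree(build_sample_tree()).items()):
        print(rel, hits)
```

Point `scan_tree` at a local copy of the site root; every file it reports should be compared against a known-good backup before being restored.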
That's right, Business In The Black joins the thousands of developers that make Native Android Mobile Apps. The one difference is that BIB creates apps for B2B, Businesses, Personal Apps and more for 1/10th the cost of others.
Most apps are $100 max with NO yearly fees like others.
Look at the latest client apps here on the Android Marketplace: https://market.android.com/developer?pub=Darnell+Smith
Small Business Package comes with all you need to do real business and network too!
In the Small Business and Networking package you get a custom designed website based on the famous WordPress platform complete with domain name and one year free hosting. We include a powerful Android Tablet so you can market your new business while networking at events and meetings.
We also include a Mobile Theme that works best on mobile devices like Tablets, Smart phones and others. This theme will switch automatically when displayed on a mobile device.
While installing the basic WordPress core files is an easy task; securing and configuring the essential settings and plug-ins to maximize its full potential takes time to do. Business In The Black will configure and customize your new WordPress Blog to save you time and effort while you can focus on your business.
Let us do the dirty job for you and avail of our cost-effective installation packages.
What you get in all WordPress Installations:
- Domain Name registered in your own name
- Hosting for 1 year ($99 a year after that with no contract)
- Hosting control panel login with private server
- Professional Email accounts setup based on your Domain Name (name@yourdomain.com)
- Complete WordPress Installation updated to the latest version
- Integrate your logo into your custom designed theme (Samples Here)
- Header image customization from selected theme
- 9 Pages added for you (submit in WORD format only)
- Google Analytics integration with reports sent weekly to your email
- Configure Permalinks and optimize Blog for Search Engine Ranking
- Install Social Bookmarking buttons for easy post sharing
- Configure Meta Tags for search engines
- Setup a Contact form with CAPTCHA for spam protection
- Setup basic WordPress security
- Mobile Theme added for iPad, Smartphone and other mobile connections
- Submit Blog to Google, Yahoo and other major search engines (500,000 plus)
- 6 plug-ins with training on how to use each one.
- Invoicing System for online payments
- Newsletter System for sending mass emails to members
- Ecommerce System for selling products online
- Feedback Form system for creating forms
- Advertising System for selling ads
- Image Gallery System
- Document Handler for downloading documents
- 30 minute Basic Training overview of how to use WordPress (Extensive training material available online from WordPress)




