Welcome to p2pnet.net - The original daily p2p and digital news site. Always First!
REGISTER | LOGIN
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
Reviews
Open Source
Mobiles
Advertising
Products
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Scroogle Search: 
Search
 
Web p2pnet   
   Search: 
Search
Torrent Site Tracker
    Sponsored by
Frostwire
 
p2pnet
 


mp3rocket
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code

Godaddy WP blogs hacked: Cechriecom.com.js.php

p2pnet view Security | P2P:- “A nasty little exploit has hit a large number of Godaddy Hosted WordPress Blogs this weekend”, says CmdrTaco on Slashdot.

“The best part is that the exploit only executes when the traffic is referred by Google, making it the sort of thing that site maintainers won’t easily notice”, he says, adding, “Clever and devious.”

The story links to http://blogcastfm.com/announcements/warning-massive-number-of-godaddy-wordpress-blogs-hacked-this-weekend/ – but “You don’t have permission to access /announcements/warning-massive-number-of-godaddy-wordpress-blogs-hacked-this-weekend/ on this server”, said the site when we went there at 9:30 am Pacific.

“Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request”, it said.

However the Google cache with today’s date (thanks again, Google 8-) ) gives us >>>

Hi guys,

Sid here.  I want to warn you guys about a massive exploit that has hit a large number of Godaddy Hosted WordPress Blogs this weekend

This hack appears to redirect visitors upon arrival from Google and attempts to install malware on their computers.  When I was visiting the site directly, whether logged in or as an Admin, even if I could see the malicious script in my view-source window I did not have any issues and it did not redirect me. This means your site could be hacked and infected and you may be unaware.

I noticed a couple key giveaways:

In view source, you will see <script src=”http://cechirecom.com/js.php”> located just above the </body> tag on all .php files.  If you view source and see this, that’s cause for alarm

When logged in, you’ll have a screwed up WordPress dashboard. Basically it looks like it is messing up the loading of some CSS in the WordPress Admin area …

When arriving from Google, a hacked website will redirect to http://www2.burnvirusnow34.xorg.pl/

The good news is this attack appears to be based only on your actual files – not your database. That’s relatively easy to clean up.  In GoDaddy you should be able to revert to an old version of your files (Go to April 23rd or before and you should be fine)

The bad news is we don’t know at this point how the hackers are gaining access.

So far, here’s what I’ve found out about Godaddy’s stance, from another blog that’s also covering this issue:

“Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. However, if a virus is detected, you will be notified. The overall security of your password and the content within your account is your responsibility, as password compromises and compromises due to scripting can only be prevented by you.”

Please forward this post to your friends, and help us get the word out.  It looks like this has compromised a large number of blogs, and especially since it happened over the weekend, there’s a good chance many bloggers haven’t noticed it.

For more information on fixing the issue, please see this post : Cechriecom.com.js.php – WordPress Hacked on Godaddy

This is not your normal BlogcastFM blog post, but since we were hacked this weekend and unaware of the issue for a couple days, I felt we had to say something since our audience is bloggers – and help educate you guys in case you have the same problem. We’ll resume with our normal interviews tomorrow.

“This is dangerous malware!” -  warns WP Security Lock, going on:

“It tries to infect your visitors computers with a virus. If a visitor is not protected with a good, up-to-date anti-virus program, their computer will become infected. And it needs to be removed immediately.”

(Cheers, Cliff)

Follow p2pnet on Twitter

..

First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi

SlashdotMassive Number of Godaddy WordPress Blogs Hacked, April 26, 2010
WP Security Lock – Cechriecom.com.js.php – WordPress Hacked on Godaddy | Case Study, April 24, 2010

Use free p2pnet newsfeeds for your site. Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/feed

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Click here to learn what technologies might help you bypass censorship in your area.

This entry was posted on Monday, April 26th, 2010 at 1:37 pm and is filed under P2P, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 19586 times

« previous
next »

5 Responses to “Godaddy WP blogs hacked: Cechriecom.com.js.php”

  1. Anonymous Says:
    April 26th, 2010 at 1:56 pm

    I spotted this about 2-3 weeks ago.

    If i’m not mistaken back in March people started getting redirected by wp on Network Solutions servers

    This is a month old!

    If they’ve know this for a month (likely more) how can they turn around and say this BS:
    ” “Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. ”

    If they’ve know for a month, wouldn’t any sane and normal security conscious company have done something long ago in terms of what it is scanning and securing?

    Guess not.

  2. Anonymous Says:
    April 27th, 2010 at 2:49 am

    This is why I don’tdaddy…

  3. Patrick Curl Says:
    May 1st, 2010 at 6:31 pm

    I’m a social media guy – and my sites were hacked as well – second time in a week – we’re trying to get some motion behind godaddy and make them hire some people or do something to make their service more secure. As such I’m starting a Twitter grassroots campaign. I’m no way affiliated w/ the link – but we all need to tweet this message and retweet it as often as possible today – we’re trying to get #ihategodaddy as a trending topic.

    The tweet: RT @patrickcurl Customers transferring OUT of GoDaddy QUADRUPLE! http://bit.ly/dvwtoT #ihategodaddy pls RT

  4. gavacho Says:
    May 3rd, 2010 at 7:10 am

    It’s not just WordPress, and it’s not just traffic coming from Google. Our Godaddy website was hacked, just like the other reports and it doesn’t use WordPress or anything similar. It’s just a basic PHP site. And the hack worked even with direct access by typing the URL into the browser. WordPress should sue Godaddy for blaming them for Godaddy’s security lapse.

  5. Sash Says:
    May 3rd, 2010 at 1:29 pm

    WordPress also needs to do a better job in educating it’s end users on why security is as important as blogging about “me”. The amount of improperly secured and maintained WP Blogs out there is frightening and the hackers know it. I’m hesitant to even visit any WordPress sites after these attacks this past month.

Leave a Reply

ONLY items referencing the post at hand, please. No links to personal sites, no personal attacks, trolling, freebie advertising, or off-topic posts. Thanks. And Cheers!

    Sponsored by
tek savvy