“The best part is that the exploit only executes when the traffic is referred by Google, making it the sort of thing that site maintainers won’t easily notice”, he says, adding, “Clever and devious.”
The story links to http://blogcastfm.com/announcements/warning-massive-number-of-godaddy-wordpress-blogs-hacked-this-weekend/ – but “You don’t have permission to access /announcements/warning-massive-number-of-godaddy-wordpress-blogs-hacked-this-weekend/ on this server”, said the site when we went there at 9:30 am Pacific.
“Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request”, it said.
However the Google cache with today’s date (thanks again, Google ) gives us >>>
Sid here. I want to warn you guys about a massive exploit that has hit a large number of Godaddy Hosted WordPress Blogs this weekend
This hack appears to redirect visitors upon arrival from Google and attempts to install malware on their computers. When I was visiting the site directly, whether logged in or as an Admin, even if I could see the malicious script in my view-source window I did not have any issues and it did not redirect me. This means your site could be hacked and infected and you may be unaware.
I noticed a couple key giveaways:
In view source, you will see <script src=”http://cechirecom.com/js.php”> located just above the </body> tag on all .php files. If you view source and see this, that’s cause for alarm
When logged in, you’ll have a screwed up WordPress dashboard. Basically it looks like it is messing up the loading of some CSS in the WordPress Admin area …
When arriving from Google, a hacked website will redirect to http://www2.burnvirusnow34.xorg.pl/
The good news is this attack appears to be based only on your actual files – not your database. That’s relatively easy to clean up. In GoDaddy you should be able to revert to an old version of your files (Go to April 23rd or before and you should be fine)
The bad news is we don’t know at this point how the hackers are gaining access.
So far, here’s what I’ve found out about Godaddy’s stance, from another blog that’s also covering this issue:
“Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. However, if a virus is detected, you will be notified. The overall security of your password and the content within your account is your responsibility, as password compromises and compromises due to scripting can only be prevented by you.”
Please forward this post to your friends, and help us get the word out. It looks like this has compromised a large number of blogs, and especially since it happened over the weekend, there’s a good chance many bloggers haven’t noticed it.
For more information on fixing the issue, please see this post : Cechriecom.com.js.php – WordPress Hacked on Godaddy
This is not your normal BlogcastFM blog post, but since we were hacked this weekend and unaware of the issue for a couple days, I felt we had to say something since our audience is bloggers – and help educate you guys in case you have the same problem. We’ll resume with our normal interviews tomorrow.
“This is dangerous malware!” - warns WP Security Lock, going on:
“It tries to infect your visitors computers with a virus. If a visitor is not protected with a good, up-to-date anti-virus program, their computer will become infected. And it needs to be removed immediately.”
First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi
Use free p2pnet newsfeeds for your site. Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/feed
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Click here to learn what technologies might help you bypass censorship in your area.