May 11

GoDaddy & Shared Hosting Hacked

Has My Site Been Hacked?
With thousands of reports running around the web about hacked shared hosting accounts, it’s natural to be worried about the security of your website. If you have been exposed to this latest injection hack, it is likely that you or your site’s visitors would have noticed something amiss. Internet Explorer users visiting an infected site for the first time were redirected to a scareware site and prompted to download fake anti-virus software to protect their “infected” PC. I’m sure you can hazard a guess as to what those unfortunate visitors were really getting. Those browsing with Firefox, Chrome or Safari were redirected to a qooglesearch (note the ‘q’) navigation error page with links to a malware site. The malicious script would also set a cookie in your browser so that you would be redirected to the malware only once every 20 days. That way everything would work fine the second time you tried to access your site, and you would be less likely to realize that something fishy was going on.

From the backend, if you can access and view your .php files, you will see this code injected at the top: eval(base64_decode("aWYoZnVuY3Rpb25fZXh… When executed, it creates a script in the header or footer of your website that runs malicious code from a malware site like holasionweb[dot]com. When you view the source of your website (right-click or CTRL+click the page and choose View Source), you will see something like this script toward the bottom: <script src="http://evil_bad_site/mean_script.php"></script>

Yup, They Got Me Too
So you’ve been hacked, and while it may feel like the end of the world, there are steps you can take to protect your visitors, restore your website, and inoculate your files from future infection.

Step 1: Take Down Your Web Site
If you can’t remove the malware from your site immediately, take it down to prevent visitors from mistakenly downloading a virus. Speedy action will also make it less likely that Google will blacklist you.

Step 2: Clean Your Code
The best thing you can do is restore your site to the latest clean backup (GoDaddy has a history function in their Hosting File Manager that can also help you out here). Wiping all of your files and databases and replacing them with clean versions ensures that there are no lingering backdoors for the hackers to use to regain entry to your site. Unfortunately, best practices are not always common practices and most of us don’t back up our sites as often as we should. If restoring your files will cost you information that you can’t afford to lose, your next option is to manually remove the eval code from all .php files in your root folder and subdirectories:

  • Download this file and save it as “wordpress-fix.php” on your computer.
  • Upload the “wordpress-fix.php” file to the root directory of your site via FTP, control panel or your file manager.
  • Execute the code by browsing to http://www.yoursite.com/wordpress-fix.php
  • Delete the file
  • Clear your cache

More information about this fix can be found here.
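
To check a downloaded copy of your site before and after running a fix, here is an added example (not the “wordpress-fix.php” script referenced above, and not code from the original post) that classifies every .php file and can strip the injected statement. It assumes the injected eval(base64_decode("…")) call directly follows the opening <?php tag, optionally after a comment; the function names and sample files are constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Pattern from the post: eval(base64_decode("...")) at the very top of a .php file.
# Assumption: it directly follows the opening <?php tag, optionally after a comment.
HEADER = re.compile(
    rb'\A(\s*<\?php)\s*(?:/\*.*?\*/\s*)?eval\(\s*base64_decode\(\s*'
    rb'(["\'])([A-Za-z0-9+/=]+)\2\s*\)\s*\)\s*;')
ANYWHERE = re.compile(rb'eval\(\s*base64_decode\(')

def classify(data: bytes) -> str:
    """'injected' = header pattern; 'review' = eval/base64 elsewhere; else 'clean'."""
    if HEADER.match(data):
        return "injected"
    return "review" if ANYWHERE.search(data) else "clean"

def strip_injection(data: bytes) -> bytes:
    """Remove only the injected statement; keep the <?php tag and everything after."""
    return HEADER.sub(rb'\1', data, count=1)

def decoded_payload(data: bytes) -> str:
    """Decode the payload for inspection only; nothing is executed."""
    m = HEADER.match(data)
    return base64.b64decode(m.group(3)).decode("latin-1") if m else ""

def scan_tree(root, fix=False):
    """Classify every .php file under root; rewrite injected ones when fix=True."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        data = path.read_bytes()
        report[path.relative_to(root).as_posix()] = state = classify(data)
        if fix and state == "injected":
            path.write_bytes(strip_injection(data))
    return report

def build_sample_site(root):
    """Constructed sample files with a harmless payload, not a real infection."""
    root, payload = Path(root), base64.b64encode(b'echo "constructed sample";').decode()
    (root / "wp-content").mkdir()
    (root / "index.php").write_text(
        f'<?php eval(base64_decode("{payload}"));\nrequire "wp-blog-header.php";\n')
    (root / "wp-content" / "plugin.php").write_text("<?php\n$x = 1;\neval(base64_decode($blob));\n")
    (root / "clean.php").write_text("<?php\necho 'hello';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_site(d)
        print(scan_tree(d), scan_tree(d, fix=True), scan_tree(d), sep="\n")
```

Files reported as “review” contain eval(base64_decode( somewhere other than the top and are left untouched; inspect them by hand or replace them from a clean copy.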

Step 3: Change ALL Your Passwords
Yep. All of them. Reports about the GoDaddy hacks are indicating that this is a server-side problem, but other shared hosting providers have suffered similar injection attacks. Since you have no way of knowing what information was compromised, or which access points were used to gain entry to your site, you have to assume that your passwords are no longer any good. You need to change the password to your hosting account, FTP, databases and any Admin or backend areas, and these days your kitten’s name or your mom’s birthday just aren’t going to cut it. Make sure your passwords are strong. If you’re running WordPress, be sure to disable leftover access by updating your secret keys in case any hackers managed to log in to your dashboard.

Step 4: Update All Applications to the Latest Stable Release
Software updates do more than just add functionality and make things look prettier; they usually contain important security patches that fix known vulnerabilities in previous versions. It may be a pain in the neck to update your application, especially if you heavily modify the core, but the security is worth it. Using templates and overrides to make your modifications can make the update process a lot less painful. Sometimes developers need time to work out all the kinks in a new installation, so avoid beta releases.

Step 5: Follow All Developer’s Recommended Security Releases
Despite the fact that most of these blog, CMS and eCommerce applications are open-source, they generally have excellent documentation and diligent development teams. Take advantage of the resources provided with your applications, especially the security recommendations. Failing to make these manual updates to beef up your site’s security could put you on the fast track to Hackerville.

Step 6: Back Up Your Site, and Then Back it Up Again
Frequent backups make your life easier for many reasons, and recovery from hacks is a pretty big one. Schedule a cron job, leave post-its on your computer screen, put an alarm on your phone – whatever it takes to remind yourself to take care of this necessary task. If you implement none of the other advice in this post, remember this: Always wear sunscreen (even when it’s overcast) and back up your files!

Links and Resources
Network Solutions Update for WordPress Customers
GoDaddy Responds to the Attacks
Sucuri Security

Security
Security With Apache .htaccess
Important Zen Cart Security Recommendations
Securing Your WordPress

Anti-virus Software
Free
Avast (PC)
AVG (PC)
iAntivirus (Mac)
ClamXav (Mac)

Paid
Symantec Norton Anti-Virus (PC & Mac)

  • http://www.trainerjosh.com Josh

    Thanks so much for this post, just saved my blog. I got this virus and spent a good amount of time this weekend trying to fix it.
