2.9.2 site hacked

NS put it plainly and honestly today.

This “.nts” file addition is occurring mostly within the structure of customers’ WordPress installations, however the issue is not with WordPress.

I give them credit for going all out to protect customers even if painful at times after they realized it wasn’t just a WordPress issue but something a little more serious that needed to be contained.

Obviously there is still work to do but much progress has accomplished in neutralizing a serious threat. What other choice is there?

I wouldn’t take anything for granted if I was any hosting company in this country you could be next.

my site is hosted on a linux server at GoDaddy and its messed up.

my site is still down!! my traffic has plummeted – what a disaster….

what happens after i get the site back up… will i be penalized by search engines for having a dead site for almost 5 days!!!

i was advised to take the site off because the script or code or php code could possibly spread to visitors – so my friend took my site down to get it fixed.

i didnt want visitors to get hit too!!

i did a godaddy search on hacking and wordpress and i realize this isn’t the first time this has happened.

so if this happened again… and again… its most likely going to happen once more…

can you both wordpress and godaddy please hire someone who can stop this.. start looking at IT resumes… and get someone on top of the IT skills game!!

put this on your agenda in the next meeting!!

if your reading this… please.. add this as an action item!!

One of my wordpress blog which is hosted on godaddy got this junk code/malware a few months back, so i did a clean re-install but looks like its hacked again. Am currently taking it to hostgator, doing an absolute clean install and just praying that it does not comes back.

just wondering, can’t these hosting providers take some legal action against hackers like this?

If they could catch them, yes.

Alternately, I’d check my SLA with the host and see if I could sue (or get recompensation) from them for poor security. If indeed it’s my host and not me.

@ipstenu, why can’t a host as big as godaddy/bluehost/hostgator can not catch a hacker, and we all can be sure of one thing that its certainly not a consumer’s fault, so many people are getting hacked… it is no longer a problem of a few people…

New tricks by the criminals.

DO NOT GO to this story. You’ll be attacked instantly.

Mass Shared Host Website Hack
?Ghacks Technology News – 1 hour ago
These servers host multiple websites by different users. Affected web hosting companies are Go Daddy, Bluehost, Media temple, Dreamhost and Network ..

5/9/2010 11:06 AM,High,
An intrusion attempt by www1.firesavez7.com was blocked

Risk Name HTTP Fake Scan Webpage 5
Attacking Computer www1.firesavez7.com (209.212.149.20, 80)
Attacker URL www1.firesavez7.com/107a9dcdafc2f5304469e3e909971c691f503009011.js
Traffic Description TCP, www-http

Alright here we go.

Ghacks Technology News
Current Registrar: GODADDY.COM, INC.

He’s been hacked.

okay my site is back from being offline for 6 days… my traffic on analytics has gone to 0-26 from 10,000 visitors a day plus

my site was hosted on godaddy and using wordpress.

I had the newest version of wordpress

(I love wordpress by the way!!!! – its so easy for me to use not even know anything about HTML coding etc…. i love it)

My IT expert who helped me get my site back said:

I got a script put into my site
I use a shared server which makes it vulnerable
And All he did was move my site to a new folder.
And on the hosting site i had an old copy of wp sitting there. (which i didnt’ use – and should of deleted)

So Im back with my site up!!

It cost me some money to pay my IT expert. not much.

This internet world is not as fun as I thought it would be.

Till next time!

Everyone have a great day! until another hacker screws us again.

Well if you the hacker or ????? and are reading this. I say KARMA to you.

Have a wonderful day to all. ??

I’m not with GoDaddy, I’m with a “front” for them. Has anybody told ‘GDsupport’ that this is affecting the 2.9.2. version? Support response is to upgrade to 2.9.2. I told my support, I’m already on 2.9.2 .

They said oh we didn’t know that it was affecting 2.9.2 users. This being despite I’ve emailing my support lot 3 times.

https://community.godaddy.com/godaddy/wordpress-compromised-how-to-fix-it/

Hi, My wordpress site on godaddy hosting also got infected but a simple script to automatically clean this up for you:

https://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

I just cleaned a few sites using it and takes less then 5 minutes.

Just thought I’d let you know. I’ve a site that is not WP. It is literally a couple of html pages on the same shared hosting. I had a couple of Add to Cart buttons that where not appearing. They hook into a payment system.

I thought what the heck, ran the script that has already been posted several times. All is back to its goodness.

Alright here we go.
Ghacks Technology NewsCurrent Registrar: GODADDY.COM, INC.
He’s been hacked.

The registrar is Go Daddy.. but I think I’m seeing ghacks.net as hosted by Cogswell Enterprises ( could be wiredtree.com? ). I think the commonality there is just the name servers-
ns17.domaincontrol.com, ns18.domaincontrol.com. If you take a look at some samples of the domains using those name servers, and the registrars for those domains, it all looks familiar.

NS18.DOMAINCONTROL.COM SUMMARY
Domain Name domaincontrol.com
IP 208.109.255.9
IP Location Scottsdale, AZ, US
https://who.is/whois-ip/208.109.255.9/

But you can’t read anything into that information, or jump to any conclusions from it. It’s just very interesting to follow all the breadcrumbs.

Here’s GoDaddy’s response on their Support page:

https://community.godaddy.com/godaddy/wordpress-compromised-how-to-fix-it

Pretty lackluster considering the scope of this problem.