Site hacked on Godaddy

Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Thanks but I am aware of these suggestions. Just putting this out thee for anyone who uses Godaddy specifically. I don’t want to go through all the processes multiple times a week. Its a very small site and none of the database is compromised. They are just adding files. The only real control I have on shared hosting is the ftp password.

Might be a bad neighbor on that shared host… It happens!

Why not engage a new hosting account there and migrate the site this weekend.

I’d also run WordFence and iThemesSecurity and follow the directions Andrew Nevins recommended one more time!

Yes we plan to move it to another host. I am just trying to figure how it happens. Seems if Godaddy is getting hacked, all I will be doing is catch up while deleting and restoring files. We cannot protect the servers connections. Wouldn’t Godaddy have other infected sites and want to control this?

I was working on hacked/malwared websites hosted on GoDaddy (as well as on websites hosted on most of the most popular hostings) and an infection has never been the fault of GoDaddy.

There may be many reasons why your site is continuously hacked, for example, it may not have been efficiently cleaned after the very first infection.

Adam

Actually I deleted all the files in the directory, uploaded all new WP files and recreated the posts/pages since there were only 3. Uploaded the only plugin I have (Yoast) and still got hacked.

• This reply was modified 6 years, 10 months ago by Bloke.
• This reply was modified 6 years, 10 months ago by Bloke.

Try reloading the web files again, and this time do not add any plugins at all and see if this happens again. Also have you looked through your database for malicious code?

If you’re on the old Godday WordPress/Linux platform, tell them you want to move to the CPanel/Linux plan ASAP. I had a client whose site was hacked, on the average, every two weeks. So far (fingers crossed), it’s OK on the newer CPanel hosting.

I moved the site a few weeks ago. I have checked the database for any malicious code. Uploaded fresh WordPress. The sitemap is working. Now my new problem are these Japanese URLs pointing to content that is not there. I have no idea how to remove them. Type “site:xdax lesaxxnti querxxadio dot com” in Google and remove the x. Don’t want this to appear in search results.

One day there are 3 and sometimes more. They keep changing.

• This reply was modified 6 years, 9 months ago by Bloke.
• This reply was modified 6 years, 9 months ago by Bloke.

For starters you could add this to your root .htacccess file:

<Files ~ "^.*([Kk][_][Rr][-][Oo])">
    order allow,deny
    deny from all
    satisfy all
</Files>

That would return a 403 access denied and could assist Googlebot in dropping that link from its search results. Assuming the file/directory term “k_r-oam” is not used on your website.