WordPress Sites on GoDaddy, Bluehost Hacked

A major WordPress hack has hit Go Daddy, Bluehost and Media Temple customers.

The cause is unclear, but it’s an ongoing problem.

Some users report similar problems with their Joomla and ZenCart installs.

About the Hack

The hack appears to have originated at the hosting provider level; hackers seem to have been able to infiltrate multiple accounts due to a software vulnerability.

The common factor in all of the hacks is a link to a ‘holasionweb’ or similar domain name in the header of the site. This causes a fake antivirus popup or a redirect.

In all cases, the script tries to install malware on the visitor’s system. That causes serious issues for anyone without up-to-date antivirus software installed.

Initially the hack seemed to centre on Go Daddy WordPress installations. Now it’s spreading to other hosts and scripts. Go Daddy says that the hack is caused by out-of-date scripts, but experts disagree.

How to Protect Your WordPress Site

The hack is affecting WordPress sites that are fully up-to-date, and there are no obvious plugin vulnerabilities either.

The only thing you can do is harden your WordPress installation or install a security plugin. Neither guarantees total protection, but you might make it more difficult for the hack to take hold.

Checking Your Site

Unfortunately, it seems that the hackers have sidestepped Google’s Safe Browsing API, according to at least one report. That means users of Chrome and Firefox can still visit these sites without any warning that there’s a problem. The only way you’ll know if you’ve been hacked is if you receive a virus warning.

Make sure your virus checker is functional and your virus definitions are up-to-date.

How to Clean Your Site

If your site has been hacked, the easiest way to recover it is to restore the whole thing from a recent backup.

If that is not possible, Sucuri Security Labs is offering a PHP script for cleanup. The company is also offering instructions for cleaning up via SSH.

Also, it’s good practice to tighten up your site security:

  • Change your login information for your admin panels.
  • Change your MySQL database password.
  • Monitor your site closely for signs of reinfection.

Should I Be Concerned?

While many customers are affected, not everyone has been hit. You may be lucky. Vigilance is the best option until the cause is determined.

Get Exclusive “Subscribers Only” Content

Join our newsletter & be first to hear when we publish new posts.

(We hate spam – you can unsubscribe any time)

By Claire on

Wait – You Didn’t Miss These Did You?

Zemanta
Get Exclusive “Subscribers Only” Content

Join our newsletter & be first to hear when we publish new posts.

(We hate spam – you can unsubscribe any time)

Twitter Facebook

Discussion

What Do You Think?

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>