wilkies0106aw

calvin13,

Did you move to hostmonster. I’ve now got other errors. Not related to this, but I’ve given up the ghost with GD.

I’d suggest putting in place something like Download Guard. A download protection script.

Can you access the files via ftp. Is it the same url?

petercasier,

Thanks for the update. I now just have it sitting on my desktop waiting for the next time.

A

All,

Start checking your sites. I’ve just seen code enter my sites. Although not running live yet it seems. All seems to have gone in a few hours ago.

A

Thanks calvin13.

I read that earlier too.

I also noticed something else today. On my sites in the bottom left hand corner when viewing the homepage. I saw a small smiley face. It was a picture g.gif . I know I didn’t put it there.

I replaced all my themes with the default WP theme, then replaced it with my theme. Face went away.

Call me crazy, yet I’ll not go to your link.

Is it this? – https://www.ads-software.com/support/topic/396524

Have you contacted your hosing company?

GoDaddy’s current response – https://community.godaddy.com/godaddy/whats-up-with-go-daddy-wordpress-php-exploits-and-malware/

The two best paragraphs from my latest support email

In regard to your WordPress question, the only option that we have available is to upgrade the version to remove any security vulnerabilities as we mentioned previously. I understand that the question you have extends beyond WordPress to your hosting plan in general. We apologize for any inconvenience regarding this issue.

NOTE: Once your hosting server becomes infected with malware, we cannot assist you with its cleanup. You need to be proactive in preventing malware and in identifying/removing it if your server account becomes infected.

I think the piece that really gets my goat is the

You need to be proactive

calvin13

OK, still awake. Wanting to see how this all unfolds.

Many people were affected a few days ago. Most people should have fixed it by now and certainly upgraded to the latest version of WP. If not…fools.

Many would have started from a clean slate. Now it’s happening again.mmm.

Is there anybody who is on shared hosting, who is new to shared hosting since the 1st outbreak? That would be a clincher for me.

I never had any issues like this when I wasn’t using shared hosting.

My response from support:

Thank you for contacting Online Support. We are aware of the WordPress security issue. The easiest way to fix this issue is by forcing an upgrade on WordPress. Go to tools->upgrade and choose to upgrade to 2.9.2 even if you are on the latest version already.

Do the same for all the plugins you have in there. It will override the malware entry.

After that, you just have to look for those base64 evals on your themes file, making the job much much easier.

This post also gives some tips on how to analyze/ fix malware on web sites:
https://blog.sucuri.net/2010/02/removing-malware-from-wordpress-blog.html

A few days ago, some customers’ websites were affected by a new, lighter wave of malware attacks.

We are reaching out to those whose sites were compromised, and remind customers to be vigilant about updating all software in their hosting account.

Though we understand this issue is frustrating, we believe the situation is moving in the right direction. We have identified — and are attempting to work with — the key service providers the attackers are using, are are collaborating with the authorities to ensure the individuals will be prosecuted.

How to Upgrade WordPress and Remove Security Vulnerabilities

Our Help Center has content on upgrading your WordPress installation here.

It is important to understand that malware attacks can affect many items on your hosting account. The information in our Help Center specifically shows you how to update WordPress, but any plug-ins, custom PHP scripts, or applications you’ve installed (active or not) can be affected.

Best Practices to Prevent Malicious Attacks from Affect Your Website

* If you don’t know what files in your account do and they don’t connect to an application you’re using, consider removing it until you can verify its purpose.
* Upgrade or remove old blogs you no longer update, inactive test blogs, and other applications you may have installed on your hosting account.
* Use different and strong password for WP Admin, FTP, and your WordPress MySQL database.
* If your site has been targetted by malware attacks, reset your passwords.

If there is anything else that we may assist you with, please feel free to contact us via email or for a speedy response, you may call our support line at (480) 624-2500. We are available 24/7 for your convenience.

Sincerely,

Well it’s late where I am..I’ll see what they say in the morning.

[email protected] are you still in contact with Neil Warner, GoDaddy’s CSO?

https://blog.sucuri.net/2010/02/godaddy-security-update.html

It’s a customer support keyword response. I’ll expect mine shortly.

Sucuri.

Thanks very much for your excellent and speedy response! Beers all round. In my email to them I linked directly to your site. Which I done already. Also telling them to

1. Read the email – they seem to read the first sentence or work on keywords. I don’t know.

2. Pass it on to their security team.

3. Don’t tell me to update and change my pwls. Which I did extensively the last time.

4. Pass it on to all the companies that are fronts for GD hosting.

I just want to see the email response now.

I’m just so grateful for the script. I’d suspect GD is running scared. They don’t either know what is causing it or who. Or more likely how to fix it.

They’ll be worried people will leave them as a hosting provider. The irony is most people wont.