Note: an update has been posted regarding the content of this post.
You’ve read all the articles and seen all the tweets. I won’t comment on my personal/professional opinions of GoDaddy’s shared Linux hosting. What I will do is try to help out my fellow web professional recover from the recurring hacks in GoDaddy’s shared Linux hosting environment.
I WILL SAY THIS: This is not a WordPress issue. It’s a hosting environment issue. I have clients who were hacked that had no WordPress installation installed on their account.
Who knows. Bottom line, some doucher or group of douches have found vulnerabilities in the shared Linux hosting environment GoDaddy sells and have appended a line of
base64 encoded PHP to be evaluated before nearly every PHP file is launched. This is normally causing malware warnings in updated browsers and I’ve seen some spoofing/redirects to search engine spiders as well.
Revert to a back-up before a hack or remove the malicious line from each
.php file in the entire directory tree of your hosting account.
I have created a very simple script to allow you to sniff for these files recursively and remove the first line of any files whose first line contains the string: <
?php /**/ eval(base64_decode(
This should clear things up, but I offer no guarantee or warranty and am not liable for what this file does. It’s simply a fix I used on a few client sites.
godaddy_hack_fix.phpand upload to your document root.
Fix Filesbutton. If you’re ready, press it and wait. It will tell you when it’s removed the malicious first line from the files.
This is a quick fix, but not complete. You should ideally remove and update from a back up, but let’s face it, most of us actually back things up. It’s human nature.
Much love. Let me know if this helped you out.