Comments on: GoDaddy Shared Linux Hosting Hack Fix

By: jrzgirlzz

jrzgirlzz — Fri, 24 Feb 2012 04:15:04 +0000

I was able to follow your instructions and text for the malware but it said 0 infected files – however, I can see on my GoDaddy hosting account that the index.php file is infected… how can I fix this?

By: jrzgirlzz

jrzgirlzz — Fri, 24 Feb 2012 03:33:27 +0000

Also, I have tried removing the code from my index.php files and my sites will look good for about 5 minutes and then they revert back to being all messed up again and the malicious code has been restored…

By: jrzgirlzz

jrzgirlzz — Fri, 24 Feb 2012 03:30:44 +0000

I have a GoDaddy account and have been affected by this malware. I also have a GoDaddy Shared Linux hosting account. I tried to fix the problem myself but each time the infection keeps returning. I alerted GoDaddy and at first they told me it was an internet explorer issue. I kept complaining and they insist it’s a WordPress issue and they charged me $150.00 to “restore” all of my 109 sites to a date a few weeks ago. That hasn’t worked either and I’m not computer savy enough to try your fix. Any help is appreciated

By: andy

andy — Thu, 12 May 2011 15:21:02 +0000

@Paul interesting. I’m booked on many projects right now, so I have minimal free time to play with this, but if you’ve got tons of sites affected, you can use my quote form to contact me and I can try to see if I can fit building you a custom solution into my work queue.

By: Paul

Paul — Wed, 27 Apr 2011 00:07:52 +0000

Update, I noticed my last comment didn’t include the bs virus code:
src = description2011.ru/in.php?a=QQkFBwQHBAEABQQMEkcJBQcEBwUABAECAA== width=”0″ height=”0″ frameborder=”0″

I’m deleting out the iframe, brackets, , http : // , etc…

Hopefully it will appear here, so other people maybe able to identify the same / similar virus code they may be experiencing.

Paul

By: Paul

Paul — Wed, 27 Apr 2011 00:02:57 +0000

Hi Andy.

Came across your post when googling “GoDaddy Hosting Virus”

To keep this as brief as possible, we had major issues with over a dozen GoDaddy Shared Hosting accounts going back to April 2010, and since it’s now April 2011, and same crap different day is happening again.

Lot’s of time and money was lost last year, and all GoDaddy did was pass the buck, at first didn’t even admit there was a problem, then did – sorta. We still had to painstakingly fix all of this over 500 websites.

Tried your script in this post, but it doesn’t seem to be detecting this new “virus strain”.

Here is the bs code that is implanted on hundreds of index files on the bottom of each page after the “body” tag:

These sites do not have WordPress, but the same GoDaddy Shared Linux hosting accounts may have some WordPress installs on them.

The index pages on these landing pages do have an index.php extention.

Since we are not super techie, and GoDaddy is no help, even though we have multiple VIP accounts and thousands of domains with them too, need a permanent solution to not have these hosting issues again.

I’m sure more readers will be visiting your same post over the upcoming days, as it was on first page of Google for this problem, and I know there are more people having same issue again.

Any suggestions are greatly appreciated.

Thanks!

Paul

By: Is WordPress VIP Beyond Reach? Let HostCo Wipe Away The Tears | The Blog Herald

Tue, 14 Sep 2010 18:46:55 +0000

[...] it comes to shared hosting plans (the oft popular choice among bloggers which hackers unfortunately love to [...]

By: andy

andy — Tue, 18 May 2010 02:09:06 +0000

@dj thanks. @peter (see previous comments) made some modifications to the script, he realized it was outputting 2 times the number of files for some reason.

I’ve updated the script with some new options thanks to @peter’s input and version from his site.

Good luck to everyone who needs this. I need to write a follow up post about cleaning up your sites as well. Stay tuned.

By: dj

dj — Mon, 17 May 2010 23:34:15 +0000

Thank you !! Very well done.

I noticed my sites were infected this morning, tried to run godaddy’s update…didnt fix the problem completely.

So I stumbled across your post through google. You should send this to them. I had 13,000 infected files when I ran your php script. It managed to fix all of them.

Again, thank you.

By: Peter

Peter — Mon, 17 May 2010 19:40:48 +0000

Andy, I did a small customization to your script, and republished it on this post http://www.blogtips.org/godaddy-hacked-again-another-way-to-cure/

I gave due credit..

Hope you don’t mind the changes.

Peter