Announcement

Collapse
No announcement yet.

Godaddy Malware attack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Godaddy Malware attack

    All my dev forums or live forums have been attacked.
    only portion of the header is shown.

    http://community.godaddy.com/support/?ci=19370

    anyone with Godaddy that is still safe?
    Get Our New Flat Theme Pro Pack or Grab all 34 vb5.5.4 skins @sultantheme.com -vb3 responsive style or vb4 responsive style and vbcloud custom style

  • #2
    I've been seeing a lot of this today. Definitely something for people to be aware of.

    Please don't PM or VM me for support - I only help out in the threads.
    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
    Want help modifying your vbulletin forum? Head on over to vbulletin.org
    If I post CSS and you don't know where it goes, throw it into the additional.css template.

    W3Schools <- awesome site for html/css help

    Comment


    • #3
      Lucky for me they restored my forums.
      before it happens I already have my dev and live forum the latest vbulletin 403pl1

      Here is their email reply.

      Dear Sir/Madam,

      Thank you for contacting the Hosting Security Team.

      We have checked and confirmed that your hosting account sultantheme.com had php files which contained a javascript malware injection. We have since removed the contaminated code as a courtesy. Please note, that this is not a permanent solution because it does not remove the vulnerability that allowed the malicious code to be inserted.

      If you have any plugins that cache data for your software, be sure to update the cache as soon as possible.

      To address the specific vulnerability, please ensure that you fully upgrade all installations of any third-party software in which you may be running to the most recent version.

      We continue to investigate the root cause of this issue. Please contact us if you see this occur again.

      Regards,

      Pete H
      Hosting Support
      The infected file as for vb4 plugin is the php file for twitter/bitly bridge. currently they freeze this file.
      Last edited by napy8gen; Wed 12th May '10, 7:04pm.
      Get Our New Flat Theme Pro Pack or Grab all 34 vb5.5.4 skins @sultantheme.com -vb3 responsive style or vb4 responsive style and vbcloud custom style

      Comment


      • #4
        I've also been attacked, still cant locate the virus :S

        my hosting company is being very unhelpful in this.
        Jut a random internet person.

        A message to all illegal users!

        Comment


        • #5
          Originally posted by hitmancode47 View Post
          I've also been attacked, still cant locate the virus :S

          my hosting company is being very unhelpful in this.
          How have you been attacked? I mean how is your forum damaged?

          If your host is being unhelful, then I think it is time to start looking for another host.

          I had 5 customer whose forums went down on goddady as well. One using vb and the other 4 other softwares. Those goddady guys, never learn lol as it ain''t the first time this happens on their servers.

          Comment


          • #6
            We too.
            New Host/Server Attack: holasionweb_dot_com/oo.php/kneber

            http://www.vbulletin.com/forum/showt...ghlight=trojan

            Comment


            • #7
              Mine too

              My sites were affected too. However, since it was the second attack, I had prepared and could restore my site and fixed it in two minutes after the attack.

              After the first round of attack on my site I developed a small script that will tell me my php files have been tampered with as soon as something happens. So, I guess none of my forum users did notice the attack this time.

              Comment


              • #8
                Originally posted by Gangkai View Post
                My sites were affected too. However, since it was the second attack, I had prepared and could restore my site and fixed it in two minutes after the attack.

                After the first round of attack on my site I developed a small script that will tell me my php files have been tampered with as soon as something happens. So, I guess none of my forum users did notice the attack this time.
                That might not be a bad script to share with the rest of the vb community have you posted it anywhere on vbulletin.com or vbulletin.org
                http://www.progamerclans.com/forum/i...ine=1270765165

                Comment


                • #9
                  Yup iv been attacked twice now and Im with godaddy
                  You need to remove this line

                  Code:
                  <?php /**/ eval(base...................................=="));?>
                  From all of your .php files on the server, this code is located on the very top,
                  Luckly when I was attacked the first time I cleaned all my files and kept a clean back up of it on my pc, so when it happened again I just uploaded the files and overwrite.

                  I hope they fix it soon coz it is really annoying, I have vb 3.8.5 by the way.

                  Comment


                  • #10
                    many time i heard godaddy's complaint. i dont trust godaddy anymore
                    Mastiya

                    Comment


                    • #11
                      In my opinion godaddy is good to buy domain names only. The hosting side of it leaves a lot to be desired.

                      Comment


                      • #12
                        I have two clients hosted at GoDaddy and their forums was attacked with that malware, that infect all the header files with that base 64 code.

                        Eset Smart Security doesn't detect that web malware!

                        So for fix it, close your boards, delete all your php files (not sure if html or other files are infected too), and reupload all the vB files and the other php files that you have.

                        In my experience Godaddy Is the worst domain manager and host seller...
                        Jesus is coming. Are you ready?

                        Comment


                        • #13
                          GoDaddy should not be used as a host at all. They are hacked so much for being useless hosts
                          That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.

                          Comment


                          • #14
                            This all sounds like BS to me people these hosting sites a big companys who would never allow this to happen its all bs people...
                            Uberforces

                            Comment


                            • #15
                              GoDaddy is a joke. Don't waste your money on it. Get REAL hosting, and a REAL registrar.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X