Announcement

Collapse
No announcement yet.

Godaddy Malware attack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • beishe8
    replied
    Originally posted by Ando View Post
    This is scary as we are actually thinking of moving host to Godaddy. They are our registrar so we figure it would be easier to have all in one place.
    I have nothing against Godaddy but think twice before you choose hosting from any company which has your domain name.

    Leave a comment:


  • Ando
    replied
    This is scary as we are actually thinking of moving host to Godaddy. They are our registrar so we figure it would be easier to have all in one place.

    Leave a comment:


  • Floris
    replied
    GoDaddy is a joke. Don't waste your money on it. Get REAL hosting, and a REAL registrar.

    Leave a comment:


  • =abvolt=
    replied
    This all sounds like BS to me people these hosting sites a big companys who would never allow this to happen its all bs people...

    Leave a comment:


  • Homeworld'sa
    replied
    GoDaddy should not be used as a host at all. They are hacked so much for being useless hosts

    Leave a comment:


  • Rafa-el
    replied
    I have two clients hosted at GoDaddy and their forums was attacked with that malware, that infect all the header files with that base 64 code.

    Eset Smart Security doesn't detect that web malware!

    So for fix it, close your boards, delete all your php files (not sure if html or other files are infected too), and reupload all the vB files and the other php files that you have.

    In my experience Godaddy Is the worst domain manager and host seller...

    Leave a comment:


  • borbole
    replied
    In my opinion godaddy is good to buy domain names only. The hosting side of it leaves a lot to be desired.

    Leave a comment:


  • funmasti
    replied
    many time i heard godaddy's complaint. i dont trust godaddy anymore

    Leave a comment:


  • Cobra-J82
    replied
    Yup iv been attacked twice now and Im with godaddy
    You need to remove this line

    Code:
    <?php /**/ eval(base...................................=="));?>
    From all of your .php files on the server, this code is located on the very top,
    Luckly when I was attacked the first time I cleaned all my files and kept a clean back up of it on my pc, so when it happened again I just uploaded the files and overwrite.

    I hope they fix it soon coz it is really annoying, I have vb 3.8.5 by the way.

    Leave a comment:


  • XLCR GODFATHER
    replied
    Originally posted by Gangkai View Post
    My sites were affected too. However, since it was the second attack, I had prepared and could restore my site and fixed it in two minutes after the attack.

    After the first round of attack on my site I developed a small script that will tell me my php files have been tampered with as soon as something happens. So, I guess none of my forum users did notice the attack this time.
    That might not be a bad script to share with the rest of the vb community have you posted it anywhere on vbulletin.com or vbulletin.org

    Leave a comment:


  • Gangkai
    replied
    Mine too

    My sites were affected too. However, since it was the second attack, I had prepared and could restore my site and fixed it in two minutes after the attack.

    After the first round of attack on my site I developed a small script that will tell me my php files have been tampered with as soon as something happens. So, I guess none of my forum users did notice the attack this time.

    Leave a comment:


  • TalkBaja
    replied
    We too.
    New Host/Server Attack: holasionweb_dot_com/oo.php/kneber

    http://www.vbulletin.com/forum/showt...ghlight=trojan

    Leave a comment:


  • borbole
    replied
    Originally posted by hitmancode47 View Post
    I've also been attacked, still cant locate the virus :S

    my hosting company is being very unhelpful in this.
    How have you been attacked? I mean how is your forum damaged?

    If your host is being unhelful, then I think it is time to start looking for another host.

    I had 5 customer whose forums went down on goddady as well. One using vb and the other 4 other softwares. Those goddady guys, never learn lol as it ain''t the first time this happens on their servers.

    Leave a comment:


  • hitmancode47
    replied
    I've also been attacked, still cant locate the virus :S

    my hosting company is being very unhelpful in this.

    Leave a comment:


  • napy8gen
    replied
    Lucky for me they restored my forums.
    before it happens I already have my dev and live forum the latest vbulletin 403pl1

    Here is their email reply.

    Dear Sir/Madam,

    Thank you for contacting the Hosting Security Team.

    We have checked and confirmed that your hosting account sultantheme.com had php files which contained a javascript malware injection. We have since removed the contaminated code as a courtesy. Please note, that this is not a permanent solution because it does not remove the vulnerability that allowed the malicious code to be inserted.

    If you have any plugins that cache data for your software, be sure to update the cache as soon as possible.

    To address the specific vulnerability, please ensure that you fully upgrade all installations of any third-party software in which you may be running to the most recent version.

    We continue to investigate the root cause of this issue. Please contact us if you see this occur again.

    Regards,

    Pete H
    Hosting Support
    The infected file as for vb4 plugin is the php file for twitter/bitly bridge. currently they freeze this file.
    Last edited by napy8gen; Wed 12 May '10, 6:04pm.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X