ugh...hacked - Godaddy hosting - no idea why yet...replacing files.
Dont go here until I update this post that it has been fixed.
ugh...hacked - Godaddy hosting - no idea why yet...replacing files.
Dont go here until I update this post that it has been fixed.
Good to have backups.
I have reloaded the files that seem to have been affected by this. I think it's ok again - just brosed to it, didn't get redirected or anything unusual.
ss-kalm - do you still get the warning?
Yes I do! - Even clearing all the caches, It still comes up. Try it yourself in an Opera browser.
Keith
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are 10 types of people in this world .... Those who understand binary, and those who don't.
I see the same warning in Opera as well.
Scott, just reloading your site from backups won't get your off the Yandex fraud list (Used by Opera for the Blacklistings).
Read more here:
► http://www.opera.com/docs/fraudprotection/
You will also need to contact godaddy as your site still appears to be compromised.
When attempting to load your URL in Google Chrome, I see a remote call being made to a Russian site.
{sorry for the thread hijack} - maybe this will help others...
I figured as much for Opera (using a thrid party list that will need to be cleared) and I see the redirect happening when using Chrome here as well.
I don't know where the "infection" is, as I've replaced the files and checked the DNS (which is actually at Comcast, pointing to a Godaddy host). It must be compromised at the server itself or something, as I even checked all the code inside the home.html file and there is nothing there pointing to any other domains - code seems intact.
Thanks again for the headsup and I'll continue to look for a solution!
Alright - one more time.
I have checked all of the files and such in this site (and actually one other on the same Godaddy account).
I had missed that the two xara .js files were also compromised, not just the html. I have gone though all of them and looked for everything that was changed yesterday, including all of the Wordpress files (many of which were replced or modified).
I loaded the site in both Chorme and Opera (with fraud protection turned on) and I got no warnings or redirects. Anyone have the guts to check this from their end?
Anyone know of a way to avoid this happening? It's happened on another host (DOT5) as well. I think it's unavoidable unless you pay for a service to keep it away. In both cases, it looks like a hack on the hosting provider itself, as all of the files that were changed we at the exact same moment - done by a bot or script through the directories, as it was with my DOT5 issue - who issued a hosting-wide password reset the following day after my complain.
I'm still going to contact Godaddy to make sure that they are aware and see if they heard of other issues.
In the meantime - back to the thread!
This is not good at all. I assume you've done a system scan? Cushy CMS sounds great but I won't give anyone my clients server information outside of my server for just this possible out come.Code:two xara .js files were also compromised, not just the html
Good luck.
Cushy CMS was not involved in this compromise - just to be clear.
I've never used Cushy. There is no reason anyone should have been able to get into that site except for a compromise at the host (godaddy) itself. At least 50 files on two clients sites were changed all within a matter of seconds. This was a bot attack of some sort.
The site in questin here uses a wordpress.org Blog which also has no access to the actual FTP of the web server either - just the databases it uses.
That's good to know that Cushy CMS is solid. I hope everything gets resolved by GoDaddy to your satisfaction quickly.
Cheers
Bookmarks