Several web hosting companies hacked again

Thursday, May 20, 2010

Today, I just noticed the existence of malware on my website. Unfortunately, I didn't notice it earlier because I wasn't affected by this worm/virus/malware (I will explain this better in my next post).

Apparently last week, in a series of attacks (this had also happened in April), thousands of sites got hacked and were injected with a worm/virus/malware. It was first assumed that the hack was only targeting WordPress blogs, but it soon became known that other scripts were also affected by it.

The common denominator of the hack was that all affected websites were hosted on so-called shared hosting servers. These servers host multiple websites belonging to different users. Some of the affected web hosting companies are Go Daddy, Bluehost, Media Temple, DreamHost and Network Solutions.

It is not yet clear how the hack was carried out. Current suggestions are either weak passwords or file access rights that allow the attacker to gain access. There are also those who claim that someone found a loophole in Linux shared hosts.

The web host Go Daddy has already admitted they have a problem, but it looks like they have not been able to fix it yet. This is what Go Daddy has to say about it.

Removing this malware is not easy because it may affect all your PHP files. Furthermore, if you succeed in removing it, you still have to scan your sites every day and cure the problem immediately, before your visitors get infected.
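
One way to run the daily scan described above, as an added example that is not from the original post: it records SHA-256 digests of every PHP file while the site is known to be clean, then reports files that changed, appeared or disappeared, and lists PHP files writable by group or other users. The function names and the constructed sample site in `demo()` are assumptions for illustration.

```python
import hashlib
import os
import stat
import tempfile

def php_files(root):
    """Yield (relative path, full path) for every .php file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                full = os.path.join(dirpath, name)
                yield os.path.relpath(full, root), full

def snapshot(root):
    """Map each PHP file to the SHA-256 digest of its contents."""
    digests = {}
    for rel, full in php_files(root):
        with open(full, "rb") as fh:
            digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Return sorted (modified, added, removed) paths relative to the baseline."""
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed

def loosely_writable(root):
    """List PHP files that group or other users on the host may write to."""
    return sorted(rel for rel, full in php_files(root) if os.stat(full).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def demo():
    """Constructed sample site: baseline, then one tampered, one new, one loose file."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, text, mode=0o644, how="w"):
            path = os.path.join(root, name)
            with open(path, how) as fh:
                fh.write(text)
            os.chmod(path, mode)
        put("index.php", "<?php echo 'home'; ?>\n")
        put("contact.php", "<?php echo 'contact'; ?>\n")
        baseline = snapshot(root)  # taken while the site is known to be clean
        put("index.php", "<?php /* constructed stand-in for injected code */ ?>\n", how="a")
        put("new.php", "<?php ?>\n")
        put("contact.php", "<?php echo 'contact'; ?>\n", mode=0o666)
        return compare(baseline, snapshot(root)), loosely_writable(root)

if __name__ == "__main__":
    print(demo())
```

For real use, save the baseline from `snapshot()` somewhere outside the hosting account so that whoever modifies the site cannot also rewrite the baseline.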