Go Daddy counters PHP hack attacks

Posted by Trent Nouveau

Go Daddy has stepped up its efforts to counter an ongoing PHP hack attack that has affected a number of Internet hosting providers, including BlueHost, DreamHost, Media Temple and Network Solutions. 

"Of Go Daddy's more than 4.3 million hosted sites, this [attack] impacted less than 0.05% of our customers. [Nevertheless], we've identified and are working with the provider and hosting company from where the attacks are originating," a Go Daddy spokesperson told TG Daily in an e-mailed statement.

Go Daddy counters PHP hack attacks"With the help of the blogging community, we're close to breaking additional details related to recent malware attacks. Additional information will be provided to the other hosting providers involved in the same situation and the blogging community as available and as appropriate."

According to the spokesperson, the PHP exploit has primarily affected older versions of hosted software, such as WordPress and Zen Cart eCommerce.

"[The exploit] injects a malicious JavaScript [and] redirects visitors to virus-ridden scareware domains. [The] malware changes its point-of-entry several times, adapting to defenses and finding new vulnerabilities.

"
[As such], we are scanning our servers upon first instance of the attacks, to identify [and contact] impacted customers. [In addition, we have] reached out to other large hosting providers, our competitors, to share best practices and protect the Internet community."

As TG Daily previously reported, David Dede of Sucuri Security has posted a "simple clean up solution" to decontaminate infected websites.

"Note that we are not blaming Wordpress here. I am assuming that if the problem was on Wordpress itself, the number of infected sites would be much much bigger," wrote Dede.

"Maybe a plugin is vulnerable or someone stole lots of passwords. Also, all the hacked sites were on shared hosts, no one so far on a private server...So, it doesn't look like something specific to a hosting company. The only thing in similar is that all of them are on shared servers."