GoDaddy hundreds of pages with backdoors in 24 hours

Security analysts have spotted an outbreak of backdoor infections on WordPress sites hosted on GoDaddy's Managed WordPress service. All websites contained the same backdoor.


The case also affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet and Host Europe Managed WordPress.

The discovery comes from the security application Wordfence, whose team first spotted the malicious activity on March 11, 2022, with 298 sites being infected by backdoors within 24 hours. 281 of them were on GoDaddy servers.

The backdoor that infects websites is a 2015 Google search SEO-poisoning tool embedded in wp-config.php. The links added are used to insert malicious pages into the search results. The campaign mainly promotes medicines, which are displayed to the visitors of the violated websites instead of the real content.

The purpose of these templates is to tempt victims to make purchases by handing over money and payment information to malicious users.

  Andreas Venieris New facts about police or Police Virus

If your site is hosted on GoDaddy's Managed WordPress platform, be sure to check the wp-config.php file for potential backdoors. Removing the backdoor should be the first step for any administrator. Then you need to remove all the unwanted results that appear in the Google search engine.

To mention that big companies like GoDaddy, are a pole of attraction for ambitious hackers. In reviews of these companies are always on the lists "away from us", or do not exist at all.


Registration in via email

Your email for sending each new post

Follow us on Google News at Google news

Leave a reply

Your email address Will not be published.

  + 7 = 11

Previous Story

Netflix charges for additional accounts

Next Story

Mip22: Advanced Phishing Attacks