Security analysts have detected a spike in infections from backdoors on websites WordPress hosted on GoDaddy's Managed WordPress service. All websites contained the same backdoor.
The case also affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet and Host Europe Managed WordPress.
Η discovery comes from security app Wordfence, whose team first noticed the malicious activity on March 11, 2022, with 298 websites infected by backdoors within 24 hours. 281 of them were on GoDaddy servers.
The backdoor infecting websites is a 2015 Google search SEO-poisoning tool that is implanted in wp-config.php. The links added are used to insert malicious pages into the results searchs. The campaign mainly promotes pharmaceutical products, which are shown to visitors of the compromised websites instead of the actual content.
The goal of these patterns is likely to lure victims into making purchases of the products by handing over money and payment information to malicioususers.
If your site is hosted on GoDaddy's Managed WordPress platform, be sure to check the wp-config.php file for potential backdoors. Removing the backdoor should be the first step for any administrator. Then you need to remove all the unwanted results that appear in the Google search engine.
To mention that big companies like GoDaddy, are a pole of attraction for ambitious hackers. In reviews of iGuRu.gr these companies are always on the lists "away from us", or do not exist at all.
Read:
- WP Engine the overpriced WordPress hosting
- WordPress Hosting is the cash industry
- Hosting by EIG companies? No thanks!
- Hosting Absolute guide without ads