Security analysts have detected a spike in backdoor infections on WordPress sites hosted on the service Managed WordPress by GoDaddy. All the web pages contained the same thing backdoor cuts.
The case also affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet and Host Europe Managed WordPress.
The discovery comes from the security application Wordfence, whose team first spotted the malicious activity on March 11, 2022, with 298 sites being infected by backdoors within 24 hours. 281 of them were on GoDaddy servers.
The backdoor that infects websites is a 2015 Google search SEO-poisoning tool embedded in wp-config.php. The links added are used to insert malicious pages into the search results. The campaign mainly promotes medicines, which are displayed to the visitors of the violated websites instead of the real content.
The purpose of these templates is to tempt victims to make purchases by handing over money and payment information to malicious users.
If your site is hosted on GoDaddy's Managed WordPress platform, be sure to check it out archive wp-config.php to detect possible backdoors. Removing the backdoor should be the first step for every administrator. Then you should remove all the unwanted results that appear in the Google search engine.
To mention that big companies like GoDaddy, are a pole of attraction for ambitious hackers. In reviews of iGuRu.gr these companies are always on the lists "away from us", or do not exist at all.
Read:
- WP Engine the overpriced WordPress hosting
- WordPress Hosting is the cash industry
- Hosting by EIG companies? No thanks!
- Hosting Absolute guide without ads