Analysts better safetys detected an outbreak of backdoor infections on WordPress sites hosted on service Managed WordPress by GoDaddy. All websites contained the same backdoor.
The case also affects service resellers Internet such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet and Host Europe Managed WordPress.
The discovery comes from the security application Wordfence, whose team first spotted the malicious activity on March 11, 2022, with 298 sites being infected by backdoors within 24 hours. 281 of them were on GoDaddy servers.
The backdoor that infects websites is a 2015 Google search SEO-poisoning tool embedded in wp-config.php. The links added are used to insert malicious pages into the search results. The campaign mainly promotes medicines, which are displayed to the visitors of the violated websites instead of the real content.
The goal of these standards is likely to entice victims to do markets of products, delivering money and payment information to malicious users.
If your site is hosted on GoDaddy's Managed WordPress platform, be sure to check the wp-config.php file for potential backdoors. Removing the backdoor should be the first step for any administrator. Then you need to remove all the unwanted results that appear in the Google search engine.
Let's mention that big companies like GoDaddy are a magnet for ambitious hackers. In reviews of iGuRu.gr these companies are always on the "far from us" lists, or they don't exist at all.
Read:
- WP Engine the overpriced WordPress hosting
- WordPress Hosting is the cash industry
- Hosting by EIG companies? No thanks!
- Hosting Absolute guide without ads