Ashland Daily Photo
Ashland Daily Photo - A picture a day from beautiful Ashland, Southern Oregon USA in the Rogue Valley
The above will search Ashland Daily Photo.

 
«
»

Malware hack on godaddy.com WordPress sites (again)

I apologize if you have had problems getting into this blog during the past 24 hours. Ashland Daily Photo was hacked, as were many other WordPress sites hosted by godaddy.com. If you’re in a similar boat (and notice something pop up on your site about www1.protectsys28-pd.xorg.pl), here is what I did to fix it. So far this has worked, and it didn’t take long.

1. Login to your Go Daddy hosting account.
2. Click on the “Your Files” button at the top of your Hosting Account home page.
3. While on your your “Current” tab, locate what date and time your site was hacked. You can tell when because your .php files all were changed around the same date and time.
4. Click on the “History” tab to make sure you have a snapshot of your site before the hack. If you go back a day by clicking the calendar before your hack date, you’ll see an orange bullet that says “different.” Look at that date and time. It should not be the same as what you saw in step 3.
5. Change the dropdown from 25 to 50 so you can view more files. Also make a note if there is more than one page of files. You will be going through each page using the steps below.
6. Click on your “Current” tab and delete all directories and files.
7. Click on the “History” tab and change the calendar to the date before your hack attack.
8. Click the the select all “check” at the top of the column and then click on the “Restore” icon. Make sure all your directories and files have a green bullet that says “Current” next to them.
9. Check to make sure that EVERY directory and file has a green bullet next to it and it says “Current.” If it says “Deleted” then you need to check that file or files and restore it individually.
10. That’s it. Site is back up. Nothing was lost even though I didn’t think I had a backup.

On another blog I received a message that said, “Alert http://www1.realguardforyou20p.com/ Warning! Your computer is at risk of malware attacks. We recommend you to check your system immediately. Press OK to start the process now.”

The above 10 steps wiped out this message as well.

On May 12 the hack happened again. This time the message had something about http://www1.dataguard-31p.com/ in it. The above steps fixed things again.

Posted on May 12th, 2010 under UncategorizedRSS 2.0 feed • Both comments and pings are currently closed

Comments are closed.