It's a travesty that despite everything over the past two months, GoDaddy is still appearing helpless to stop it, only to try to react. I have had my fill of what appears to be continued incompetence and will be moving all sites this weekend to HostGator.

I found out that someone (probably the godaddy security guys) put the following php code in /home/content/protect.php, to protect against the attacks (that in past used a function named inject_in_folder():

function inject_in_folder($dir){}

So I guess this is their great solution to the problem (so you can’t just re-declare it in your scripts) :/

I naturally figured that as things had gotten pretty quiet here and elsewhere, so that maybe GoDaddy had finally figured it out. But no, it's still happening! Today just proved convincingly that I need to move hosts, finally, and fast.

Changing all the passwords and security settings in the world previously didn't make a difference, but we did it again anyway. Until and unless GoDaddy ever gets a clue on how to stop this on their end, all the blind hope in the world won't make a bit of difference…

Has anybody else here had a new attack? David, have you heard anything? Thanks, and thank heavens for Sucuri.

Log of wordpress file monitor:

"This email is to alert you of the following changes to the file system of your website
Timestamp: Sun, 23 May 2010 07:21:51 +0200

Added:
jeremias_scene.php"

Problem continues….

PROBLEM: Since the fix is a php file, it is vulnerable to attack, just like the rest of the php files.

QUESTION: How you run the fix via Cron on Godaddy without the fix script getting hacked?

As always, comments and suggestions are extremely much appreciated.

Best regards,
Dan Allen
Montpelier, Vermont

p.s. Our site editor is a non-tech professional writer. She researched this attack and wrote a great account, maybe better than any of us techies could write.
http://vtdigger.org/2010/05/19/digger-dirt-vtdigger-org-survives-virus-attack/

On the other hand, I can say with absolute certainty that I and my blogs have benefited from the actual details and specifics of the attacks that have been shared here. That is indisputable to me, and as a result I am much better prepared to both defend as well as repair from attacks. And if everybody becomes more knowledgeable about what is happening and how, the attacks themselves in their present form become far less relevant and impactful.

So yes, I will absolutely take the certainty of the second benefit over the speculation of the first possibility.

First part:

Why it's not helpful? I suppose to some extent it is helpful for people like us to take a look at it and dissect how it works, but it's also counter productive because for every 1 hacker who knows how to write and execute code like this, there are 50 who don't and want to learn and grow.

This helps them do that.

For the most part, I would think all most people need to know is what's happening and how they need to prevent it from happening again. Giving away too much information is teaching young wannabe's.

It's kind of like how to create a dirty bomb. Would you want that information freely spread all over the Internet for everyone to see, or would you rather those kinds of details be bottled up and all we need to know is how to protect ourselves? …. Just an analogy.

Re: Go Daddy

You're spot on with how they are handling it with customers and pushing blame elsewhere. They definitely do need to own up to this. In that regard, I couldn't imagine telling my customers it's their problem when in reality it's mine. They have tunnel vision.

I was just trying to make the point that if we are going to be *aware* of what's going on, we need to tell it all and not just focus on one company.

Take a look at the title to this article.

Shouldn't it be "Another round of hacks attack hosting companies but guess who's still shifting responsibility?"

A bit long, but get my point?