Monthly Archives: May 2010

Lots of sites reinfected – Now using holasionweb.com

Posted on May 12, 2010 by David Dede

Update2: Reply from GoDaddy: http://blog.sucuri.net/2010/05/reply-from-godaddy-regarding-latest.html Update: Code used to exploit found: http://blog.sucuri.net/2010/05/found-code-used-to-inject-malware-at.html We just got reports this morning of hundreds of sites getting reinfected at GoDaddy (shared servers). This is the new javascript being added to the sites: < script … Read more


Posted in hacked, malware, security, sucuri | Tagged , , | 89 Comments

Last week attacks – Some comments and updates

Posted on May 11, 2010 by David Dede

Last week as a busy one. First, thousands of GoDaddy sites got hacked with that kdjkfjskdfjlskdjf.com malware. A few days later, hundreds of Network Solutions sites got hacked by using the php.ini/cgi-bin malware (including the US Treasury site). The next … Read more


Posted in Uncategorized | Tagged , , , , | 8 Comments

Serendipity important security update

Posted on May 11, 2010 by David Dede

If you are using Serendipity, stop everything you are doing and read this: Serendipity 1.5.3 has been released, as a security-fix release with no other relevant changes. A security issue has been discovered by Stefan Esser during the course of … Read more


Posted in Uncategorized | Tagged | Leave a comment

Simple cleanup solution for the latest WordPress hack

Posted on May 7, 2010 by David Dede

If your site got hacked on the last mass infection of WordPress sites out there, we have a simple solution to clean it up. For Network Solutions users: If your site is at Network Solutions, and you have that “virtual-ad.org” … Read more


Posted in Uncategorized | Tagged , , , | 176 Comments

New attack today against WordPress

Posted on May 7, 2010 by David Dede

Update 2: Simple clean up solution: http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html Update 1: Note that we are not blaming WordPress here. I am assuming that if the problem was on WordPress itself, the number of infected sites would be much much bigger. Maybe a … Read more


Posted in Uncategorized | Tagged , , , | 61 Comments

Continuing attacks at Network Solutions?

Posted on May 7, 2010 by David Dede

Last week we reported about an attack against Network Solutions that modified the “php.ini” file on hundreds of sites to append a malicious payload to all of their pages. You can read more about it here:http://blog.sucuri.net/2010/05/new-infections-today-at-network.html The problem was caused … Read more


Posted in hacked, malware, netsol, security | Tagged , , | 4 Comments

New infections today at Network Solutions

Posted on May 3, 2010 by David Dede

Update: We just heard back from Network solutions and they explained the issue to us. It is also related to the US Treasury Department hack, because they are hosting at Netsol and got infected too. On their own words: “This … Read more


Posted in Uncategorized | Tagged , , | 20 Comments

Leaking private IP addresses via DNS

Posted on May 3, 2010 by David Dede

Ever wondered where Cisco store their logs? Or what is the IP address for the Facebook development box? Or how a certain big company organize their IP addresses internally? Or where their database server is located? Well, that’s easy to … Read more


Posted in Uncategorized | Tagged , , | 1 Comment

Second round of GoDaddy sites hacked

Posted on May 1, 2010 by David Dede

It seems that a second round of attacks are happening today at GoDaddy and infecting all kind of sites (Joomla, Wordress,etc). Looking at the modification dates on the files, they all happened May 1st (today) during the morning from 1 … Read more


Posted in godaddy, hacked, malware, security, sucuri | Tagged , , , | 56 Comments
RSS Delicious