GoDaddy hacked – Fixing the “headers already sent” error

September 21, 2010 by 4 Comments

As you saw over the last few days, various sites at GoDaddy were exploited causing lots of complaints on Twitter and in other places about GoDaddy security.

Well, today, many of those sites were reinfected (again) and GoDaddy tried to fix the them automatically. However, their scripts failed for some reason, leaving some sites with empty lines at the top of the PHP files, causing these errors to show up:

Warning: Cannot modify header information – headers already sent by (output started at..

So, if your sites are showing these errors, just run this script:

http://sucuri.net/malware/helpers/clear_php.txt

(right click – save as clear_php.txt, rename to clear.php and upload via FTP to your site. Open your browser and execute it as yoursite.com/clear.php).

That should fix these issues. If you need any help, contact us at http://sucuri.net/support

Filed Under: google, hacked, WordPress Tagged With: , ,
About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.

  • Steve

    I hope your billing these guys for all the excellent work you do staying on top of their security for them and fixing their fixes.

  • Todd Redfoot

    Another Attack – THWARTED! – Reminder to change FTP Passwords

    Friday, we told you about a recent malware attack affecting a small group of Go Daddy customers. Our Security Team recommended all those who believed they were affected to change their FTP passwords.

    This morning, another event targeted the same hosting accounts as last Friday.
    The good news? Those who changed their passwords were NOT affected.
    The bad news? Those accounts affected by the previous wave of attacks, whose FTP passwords were not changed, were once again compromised.

    If you were impacted in any way, Go Daddy "has your back." Our Security Team cleaned the affected sites almost immediately and very few, if any sites, should be seeing errors.

    If you think your site has been affected, please change your FTP password immediately — It just takes just seconds. Here's how to change your FTP password.

    Thank you,
    Todd Redfoot
    Go Daddy Chief Information Security Officer

    • http://blog.sucuri.net dremeda

      You guys sent them emails and called them to ensure they were aware of your recommendation? How were they notified?

      This is the fundamental awareness issue hosts like GoDaddy don't get. You mass market about awesome hosting, but you sure don't share the same emphasis and passion around educating non-technical people about the inherit security risks involved with hosting and managing a website securely.

      Quit with the scripted replies and get realistic. You're devaluing your customers by explicitly publishing inaccurate attack information, who are you fooling? Lastly, continually blaming customers after the fact is not going to earn you brownie points either.

      More reason for standards around security controls, information security awareness, and remediation practices in the web hosting world. It would benefit consumers and hosting providers alike.

      Regards,
      Dre Armeda
      Sucuri Security
      My recent post GoDaddy hacked – Fixing the “headers already sent” error

  • Pingback: Tweets that mention GoDaddy hacked – Fixing the “headers already sent” error | Sucuri -- Topsy.com