Researchers Find Backdoor Infection Spike On GoDaddy-Hosted Websites
Connect with us

Plato Vertical Search

Cyber Security

Researchers Find Backdoor Infection Spike on GoDaddy-Hosted Websites

Security researchers have identified a surge in backdoor infections on hundreds of websites hosted on GoDaddy’s Managed WordPress service, which were all compromised by the same payload. The incident impacted websites like tsoHost, MediaTemple, Domain Factory, Heart Internet, 123Reg, and Host Europe Managed WordPress websites. The infected sites shared a nearly identical backdoor embedded in […]

Researchers Find Backdoor Infection Spike on GoDaddy-Hosted Websites

Security researchers have identified a surge in backdoor infections on hundreds of websites hosted on GoDaddy’s Managed WordPress service, which were all compromised by the same payload.

The incident impacted websites like tsoHost, MediaTemple, Domain Factory, Heart Internet, 123Reg, and Host Europe Managed WordPress websites. The infected sites shared a nearly identical backdoor embedded in the wp-config.php file.

Among the 298 websites found with the backdoor, at least 281 were hosted by GoDaddy.The discovery was made by Wordfence researchers, who first noticed the overall increase in infected websites on March 11.

Reportedly, attackers used a 2015 Google search SEO-poisoning tool and embedded it into the wp-config.php file.

“The backdoor in question has been in use since at least 2015,” said a Wordfence blog post on Tuesday. “It generates spammy Google search results and includes resources customized to the infected site.”

While Wordfence is yet to determine the cause of the intrusion, it hinted at the massive GoDaddy data breach from 2021 that exposed the accounts of 1.2 million customers as a potential candidate.

The security researchers urged owners of websites hosted on GoDaddy’s Managed WordPress platform (including the websites mentioned above) to manually check their sites’ wp-config.php file or use an automated specialized malware detection tool to verify their integrity.

Along with the security advisory, Wordfence also provided a list of instructions on how to clean up your WordPress website, should you suspect or discover that it’s been hacked.

Related Streams

EdTech

May 19, 2022 Share Your SITE 2022 Papers Filed under: virtual school — Michael K. Barbour @ 8:04 am Tags: AACE, Association for the Advancement...

EdTech

May 19, 2022 Share Your SITE 2022 Papers Filed under: virtual school — Michael K. Barbour @ 8:04 am Tags: AACE, Association for the Advancement...

EdTech

May 19, 2022 Share Your SITE 2022 Papers Filed under: virtual school — Michael K. Barbour @ 8:04 am Tags: AACE, Association for the Advancement...

Startups

Employee monitoring software: popular solutions, useful features The world itself is becoming more and more digitalized with every passing year, and there’s no arguing...