Hacking the Hackers

A long time ago, in a galaxy not so far, I was once a network engineer at IBM.

Before I knew about the jungles and islands that were waiting patiently on me, I spent my last corporate days working on an IT security team – playing hacker.

That’s why I knew exactly how much trouble I was in this past week when I found out about the thousands of hacked WordPress sites hosted at GoDaddy.

[WARNING: GEEK STUFF AHEAD]

12 of my websites, including this one and Startbackpacking.com were infected with malware which tried to install a file on unsuspecting readers’ computers.  If you had to deal with this, I apologize.

Cleaning up the infection is labor-intensive, mostly due to the slow response of Godaddy’s online tools.  A simple request to re-install WordPress can take 12 hours or more; I could fly to Arizona and do it myself in less time.

Like any good giant corporate entity, GoDaddy has pretty much said “not our fault”.  Even my sites running the latest version of WordPress with all updates installed were compromised, so I wonder.

Did it originate server-side?  All giant corporations are full of disgruntled, over-worked, under-paid IT guys that dream of owning the world with their skillz. I speak from experience.

All of my travel sites are safe once again, but I am still fighting to clean up a handful of other lesser-visited websites.  The impact to my income right before I head to Southeast Asia is painful to say the least.

Actually, not as painful as the four days spent basking in front of a laptop to clean up the mess. All the while, friends ring me from great Cinco de Mayo parties and the sun shines outside. -sigh-

The impact? Advertisers lost, Google thinks I’m a malware site (not good for your rankings!) and daily income lost when the clock is ticking to save for my big move to Malaysia this June.

The motives of the hackers? This was designed to turn thousands of computers around the world into “zombies” which will undoubtedly be used to attack some government or corporate site in the future.

I do have to give it to them, the EVAL code injected into every PHP file was ingenious. Its a god-mode hack.  I haven’t seen an exploit this crafty since CodeRed or the SQL worm.

All elite status aside, I would like to personally thank them for ruining my life this week and impacting an already-fragile budget situation for my trip!

Here is some old-school ASCII art that any hacker can appreciate, but I present this especially for whoever caused this:  thanks guys.

Find all related to:
Greg Rodgers

About Greg Rodgers

Enjoyed this post? Consider throwing a dollar into my Paypal account: https://paypal.me/VagabondingLife (I can eat for $2 on the road!) Check out my Facebook page: https://www.facebook.com/vagabonding.travel.

6 Responses to “Hacking the Hackers”



  1. A DDOS bot net: only funny if your not infected by it or you created it. cant wait to read more of your travels in asia greg!

  2. Did non-Windows based servers also get affected by this?

  3. Hey Martin, yes – all of my hosting (as well as computers at home) are Linux.

    Anything running PHP on GoDaddy was susceptible including Simple Machine Forums and WordPress. Even my sites running WordPress 2.9.2 were infected, so its brand new.

  4. douglas fraser May 12, 2010 at 8:27 am

    thank god I have a mac… the injected JS file / code does not work with macs apparently, or other things I’ve set up block execution

    BTW, you have been hacked again 🙂 – the oo.php script at the index of this page’s HTML. this problem is pretty major, to be repeated so often. And I run loosechange911.com, WP 2.9.2 and it hasn’t been touched, nor the crummy Zen Cart code there too. Though with Loose Change, I have to be really paranoid.

    So I don’t think it is strictly a WordPress or other software package issue – my gut says it is a GoDaddy issue, unless other hosting companies have been affected.

  5. Got hit yesterday. So frustrating. My computer saviour fixed it in short order and maybe it wasn’t what you had but I share your pain.

    Have a great trip.

  6. My guess is an inside job based on the attacks so far. GoDaddy’s response has also be very disappointing.

Leave a Reply