Over the past several weeks, several attacks have been made against web sites running various PHP applications. While web hosts initially – and ignorantly – pointed their fingers at WordPress, it has become apparent that it is not WordPress at fault, but rather the web hosts themselves.
Worse, some web hosts, such as GoDaddy, are proving that they simply don’t care. Even when enterprising developers find physical evidence of the previously unseen malware, and present their findings, GoDaddy apparently says, “thanks, but no thanks.” [emphasis in original]:
Finding this script before it was triggered and deleted itself was raw luck. Catching this file gave a great opportunity to actually track down how these hacks are occurring, and possibly would leave clues that GoDaddy could use to keep it from happening again. Looking at the owner/creator of the file, and matching that timestamp up with the various logs (ftp, ssh, http, mysql, etc) could give GoDaddy the information needed to figure out how the file really got there, instead of just guessing that WordPress was the issue. I have never seen a file like this before, and searching Google for the name yielded no results, so there really was no other information out there available on this. Finding it there was a little like hitting the lottery in that respect, random and very, very good luck.
The problem, however, is that GoDaddy didn’t seem to care. I called and explained to the woman I spoke with exactly what it was that I found and how it could be useful. I told her that matching up that file to the logs could yield some potentially valuable information. She did listen carefully, and I am pretty sure she understood what I was saying, because she asked if she could put me on hold to go talk with someone who might know more. She came back and informed me that she didn’t have permission to look at those logs.
I explained again, in a little more detail, why looking at the section of those logs was very important, and if she didn’t have permission could she please escalate the ticket to someone who did. Again, she put me on hold. This time she came back and told me that they were uninterested in escalating it.
So, what do you do, when faced with a web host who appears ignorant of and apathetic toward their own security issues, resulting in your web site getting hacked? For many people, the answer is clear: find a new host.
But, as if finding a new host isn’t daunting enough, you are then faced with the task of migrating your WordPress installation – blog posts, pages, media attachments, themes, and plugins – to your new host.
No worries: let WP TurnKey take care of it for you!
WP TurnKey Migration Services will take care of migrating your WordPress-powered web site from your old host to your new host, changing your nameserver settings so that your domain name points to your new host, make sure that your WordPress installation is updated to the latest version, and perform a security review and update of your WordPress installation, including configuration of your wp-config file, your .htaccess file, correct file permissions, and hardening your admin account credentials – all for only $200!
Let me know how WP TurnKey Migration Services can meet your WordPress-powered web site migration needs!