Jun 29 2010

Bluehost Malware Attack and Denial by BlueHost

  • 1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
    Loading ... Loading ...
    Posted by in Uncategorized Email This Post Email This Post
  • 2 Comment

So for the past couple of hours I have been dealing with the “friendly” support staff at BlueHost, one of the largest hosting companies in the US.

Apparently this past weekend many of their servers had been hacked.

You can read some user accounts here:

Also, for some reason this site is being blocked by filters at the BlueHost support locations.


So here’s the text from the site:

If your site got hacked on the last mass infection of WordPress sites out there, we have a simple solution to clean it up.

For Network Solutions users:

If your site is at Network Solutions, and you have that “virtual-ad.org” malware, the solution is simple.

Login via FTP and remove the file cgi-bin/php.ini. That’s all you need to do to protect your users.

You will still have some “.nts” files in there (which you can remove later), but they will not be executed without the php.ini.

Via SSH:

If you have SSH access to your server, run the following commands on your web root:

$ find ./ -name "*.php" -type f | \  xargs sed -i 's###g' 2>&1$ find ./ -name "*.php" -type f | \   xargs sed -i '/./,$!d' 2>&1

Via web:

If you don’t have SSH access, download this file to your desktop:
http://sucuri.net/malware/helpers/wordpress-fix_php.txt and rename it to wordpress-fix.php.

After that, upload it to your site via FTP, and run it (using your browser) as: http://yoursite.com/wordpress-fix.php

This script will take a few minutes to complete, but will scan your whole site and remove the malware entries.

Once you are done, go back to your site and remove this file.

That’s it and you should be clean again.

UPDATE: If your site is not getting cleanup after you run it (or you are getting extra empty lines on the top of your files), it means that the script didn’t finish to run properly. Try running it again. It it doesn’t help, upload it to some sub directories (like wp-admin, wp-content and wp-includes) and run directly from there. For example:
http://yoursite.com/wp-admin/wordpress-fix.php , http://yoursite.com/wp-content/wordpress-fix.php , etc.
That should fix it!

Here’s what the script returned:

Site clean up by http://sucuri.net
This script will clean the malware from this attack: http://sucuri.net/malware/entry/MW:MROBH:1

If you need help, contact dd@sucuri.net or visit us at http://sucuri.net/index.php?page=nbi

Malware removed.
Empty lines removed.



2 Comments on this post


    [...] Bluehost Malware Attack and Denial by BlueHost [...] your site got hacked on the last mass infection of WordPress sites out there, we have a simple solution to clean it [...] Login [...]
    July 8th, 2010 at 2:23 am
  1. batmac2 said:
    Interesting to read, thanks for sharing with us! http://webdiscountcode.com/stores/fatcow-coupon-c
    August 22nd, 2013 at 9:20 pm


Subscribe Form

Subscribe to Blog

Social Media

Follow Me on Quora   Follow Me on Pinterest  

Google Sponsored Ads

Who is at the site now

TigerDirect Search

Search at TigerDirect.com:

Google Search

Sponsored Ads 2

Service Providers

Related Ads

Email Signup

join our mailing list
* indicates required


UBD Moneymaker Theme by Unique Blog Designs & Phillip van Coller