Cyclelicious Hacked!

If you’ve visited Cyclelicious anytime Friday through this morning, your PC may be infected with Malware.

Several hosting providers — including mine — were hacked yesterday, and this attack continues through today. Cyclelicious, along with probably hundreds of other blogs and websites, are victim to this hack.

I’ve cleaned the malicious code from Cyclelicious, so this should be safe to browse again. I feel very badly about this, and I’m looking to see what I can do to prevent this from happening again. I’ve been unhappy with GoDaddy’s service lately with poor uptime and performance, and I pay money specifically so I don’t need to deal with security issues such as this.

The hackers injected code into several webpages that redirect your web browser to automatically download Malware — in this case, I believe the malware installs fake antivirus software that extorts money from their victims with incessant popups telling you your PC has been infected. Even if you see no obvious signs of malware, you’ll want to run a malware scan.

16 Comments

  • Anonymous
    September 18, 2010 - 5:55 pm | Permalink

    All seems fine once again. I use 1and1.com as my host and haven’t ever had an issue like this.

  • September 18, 2010 - 6:07 pm | Permalink

    I’m guessing this only applies to people with Windows computers. :)

  • September 18, 2010 - 6:15 pm | Permalink

    http://aqhost.com/ is probably the best bang for your buck.

  • September 18, 2010 - 6:25 pm | Permalink

    …or rather a subset of those with Windows PCs. I think any up-to-date browser blocks malware sites, but the attack was *very* widespread.

  • September 18, 2010 - 8:40 pm | Permalink

    This type of attack against WordPress sites has been going on for several months. The usual culprit is a vulnerable plug-in, but plenty of responsible publishers with fully patched sites have been hit.

    Thanks for cleaning up the mess, Richard.

  • Mildstallion
    September 19, 2010 - 12:08 am | Permalink

    Thanks for the heads up.

  • Meddeviceengineer
    September 19, 2010 - 2:41 am | Permalink

    Ha PCs so last century.

  • September 19, 2010 - 2:55 am | Permalink

    This century is all about cloud services.

    Oh wait, that’s the part that got hacked.

  • September 19, 2010 - 4:42 am | Permalink

    Sorry to hear about this and thanks for letting us know. I was at your site on Friday, but am on a Mac so I think I’m okay. I’ll need to check to see if my site had the same thing happen as you.

    Darryl

  • siouxgeonz
    September 19, 2010 - 7:05 pm | Permalink

    why I have a mac for surfing and a PC for Doing Mainstream Stuff for the Masses. Now, to get back to that Powerpoint…

  • September 20, 2010 - 2:29 pm | Permalink

    Wow, bad news, but it sounds like you got it under control pretty quickly. Nice job and thanks for the heads up.

  • September 20, 2010 - 4:20 pm | Permalink

    It appears in this case, the vulnerability is in Go Daddy’s shared hosting environment. :-(

  • September 21, 2010 - 6:41 pm | Permalink

    And how would this affect me on my Mac? Oh right, carry on then! Hehe! I’ve been pretty darned happy with BlueHost for my domains and space (the unlimited space is kind of awesome!).

  • September 21, 2010 - 7:02 pm | Permalink

    I’m curious — what does Safari or other Mac browser do when it comes across a javascript redirection to a malware site?

    For the record, I posted the note for the benefit of approximately 5% of Cyclelicious users who are vulnerable to malware like the Hillary Kneber hack from the weekend. About 70% of visitors use some version of Microsoft Windows, fewer than half of them are using Internet Explorer, and about 20% of that population are using a vulnerable, older version of IE.

  • Jennifer Glanton
    September 22, 2010 - 7:54 am | Permalink

    What happened to the hubfinder tool? It gives a weird error message: Fatal error: Cannot redeclare class soapclient in /home/content/r/i/c/richardmasoner/html/hubfinder/nusoap.php on line 4104 What is that all about? http://www.cyclelicio.us/hubfinder/ hasn’t worked for a couple days now. Was it affected by the hackers too?

  • September 22, 2010 - 3:44 pm | Permalink

    I finally changed my default PHP from PHP4 to PHP5 and I didn’t even notice hubfinder was broken until you mentioned it! Thanks for bringing this to my attention, but it’s probably going to be next week before I can fix this (busy busy busy!) So sorry about that.

  • Leave a Reply