If you’ve visited Cyclelicious anytime Friday through this morning, your PC may be infected with Malware.
Several hosting providers — including mine — were hacked yesterday, and this attack continues through today. Cyclelicious, along with probably hundreds of other blogs and websites, are victim to this hack.
I’ve cleaned the malicious code from Cyclelicious, so this should be safe to browse again. I feel very badly about this, and I’m looking to see what I can do to prevent this from happening again. I’ve been unhappy with GoDaddy’s service lately with poor uptime and performance, and I pay money specifically so I don’t need to deal with security issues such as this.
The hackers injected code into several webpages that redirect your web browser to automatically download Malware — in this case, I believe the malware installs fake antivirus software that extorts money from their victims with incessant popups telling you your PC has been infected. Even if you see no obvious signs of malware, you’ll want to run a malware scan.
All seems fine once again. I use 1and1.com as my host and haven’t ever had an issue like this.
I’m guessing this only applies to people with Windows computers. 🙂
http://aqhost.com/ is probably the best bang for your buck.
…or rather a subset of those with Windows PCs. I think any up-to-date browser blocks malware sites, but the attack was *very* widespread.
This type of attack against WordPress sites has been going on for several months. The usual culprit is a vulnerable plug-in, but plenty of responsible publishers with fully patched sites have been hit.
Thanks for cleaning up the mess, Richard.
Thanks for the heads up.
Ha PCs so last century.
This century is all about cloud services.
Oh wait, that’s the part that got hacked.
Sorry to hear about this and thanks for letting us know. I was at your site on Friday, but am on a Mac so I think I’m okay. I’ll need to check to see if my site had the same thing happen as you.
Darryl
why I have a mac for surfing and a PC for Doing Mainstream Stuff for the Masses. Now, to get back to that Powerpoint…
Wow, bad news, but it sounds like you got it under control pretty quickly. Nice job and thanks for the heads up.
It appears in this case, the vulnerability is in Go Daddy’s shared hosting environment. 🙁
And how would this affect me on my Mac? Oh right, carry on then! Hehe! I’ve been pretty darned happy with BlueHost for my domains and space (the unlimited space is kind of awesome!).
I’m curious — what does Safari or other Mac browser do when it comes across a javascript redirection to a malware site?
For the record, I posted the note for the benefit of approximately 5% of Cyclelicious users who are vulnerable to malware like the Hillary Kneber hack from the weekend. About 70% of visitors use some version of Microsoft Windows, fewer than half of them are using Internet Explorer, and about 20% of that population are using a vulnerable, older version of IE.
What happened to the hubfinder tool? It gives a weird error message: Fatal error: Cannot redeclare class soapclient in /home/content/r/i/c/richardmasoner/html/hubfinder/nusoap.php on line 4104 What is that all about? http://www.cyclelicio.us/hubfinder/ hasn’t worked for a couple days now. Was it affected by the hackers too?
I finally changed my default PHP from PHP4 to PHP5 and I didn’t even notice hubfinder was broken until you mentioned it! Thanks for bringing this to my attention, but it’s probably going to be next week before I can fix this (busy busy busy!) So sorry about that.