(Click for larger view)
When arriving from Google, a hacked website will redirect to http://www2.burnvirusnow34.xorg.pl/
The good news is this attack appears to be based only on your actual files - not your database. That's relatively easy to clean up. In GoDaddy you should be able to revert to an old version of your files (Go to April 23rd or before and you should be fine)
The bad news is we don't know at this point how the hackers are gaining access.
So far, here's what I've found out about Godaddy's stance, from another blog that's also covering this issue:
"Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. However, if a virus is detected, you will be notified. The overall security of your password and the content within your account is your responsibility, as password compromises and compromises due to scripting can only be prevented by you."
Please forward this post to your friends, and help us get the word out. It looks like this has compromised a large number of blogs, and especially since it happened over the weekend, there's a good chance many bloggers haven't noticed it.
For more information on fixing the issue, please see this post : Cechriecom.com.js.php - WordPress Hacked on Godaddy
This is not your normal BlogcastFM blog post, but since we were hacked this weekend and unaware of the issue for a couple days, I felt we had to say something since our audience is bloggers - and help educate you guys in case you have the same problem. We'll resume with our normal interviews tomorrow.
Download podcast as mp3
(right click ⇒ save as)