Go Daddy Flagged My Site for Malware


#1

Has anyone had this happen to them? Just got an email from GoDaddy saying “my site has been flagged for malware.” The file name is public_html/film-1.hyperesources/film1_hype_generated_script_prevv1.php

So that is a file generated by Hype. I wanted to let you guys know because if everyone is getting this there is a problem. My theory is GoDaddy is trying to get me to pay $120.00 a year to “police” my site for malware.

The file is dated 2013! I called support and said if the file was so dangerous, why did it take you so long to flag this file?

Before I delete this file, I’d love to get anyone’s take on this.

Thanks.

BTW, my site is www.justasparkfilms.com (Just A Spark Films). Anyone see anything malware on it?


#2

As far as I know, Hype doesn’t export PHP. (It’s mostly JavaScript and static HTML files.) So unless you put that file there in your project, something is amiss.

In general, having a website can be a big headache. HA HA. All day long, hackers try to find a way in. It seems that they might have found something. Quite often, something like this has to do with directory permissions. If you didn’t properly set the permissions (like, not 777) then a hacker can write files to your website.


#3

I would check that PHP file with a text editor - You might find a decidedly un-Hype file.

A client of mine got absolutely drilled by a hacker using her site to park over 14,000 files related to cheap knock-offs of expensive brands. The files were hidden in folders that mimicked the name of a legitimate file~directory only there was “copy” added to the name and “.php” scripts were added using a similar approach. Some of the files had been on there for quite some time. These files did not interfere with “normal” operation of the site. BTW: Her site is on GoDaddy.


(Jonathan Deutsch) #4

Just to clarify - legitimate copies of Hype do not export any .php files.

The most likely case is that your site has been compromised and malicious scripts have been run that create files that seemingly look like real files (hence using a Hype file name but a .php extension). The infestation could have happened through many different channels like incorrect permissions or an exploit in something like a WordPress plugin. I would recommend a full rebuild and permissions audit instead of just a restore from a backup as you could still be opening the door to be infested once again. Sorry this happened to you :(
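A read-only audit for the three signs described in posts #2 to #4 (PHP inside a Hype export folder, world-writable directories, "copy" look-alike folders), added here as an example and not part of anyone's post or of Hype itself. The `copy` naming pattern, the PHP extension list and the sample tree are assumptions; only the flagged file name comes from the thread.

```python
import os
import stat
import sys
import tempfile

PHP_EXTS = (".php", ".phtml")  # assumption: extensions this host executes as PHP

def audit_webroot(root):
    """Return sorted (finding, path-relative-to-root) pairs; nothing is modified."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_hype = any(p.endswith(".hyperesources") for p in rel_dir.split(os.sep))
        siblings = {n.lower() for n in dirnames + filenames}
        for name in filenames:
            # Hype exports JavaScript and static files, so PHP here is foreign.
            if in_hype and name.lower().endswith(PHP_EXTS):
                rel = os.path.normpath(os.path.join(rel_dir, name))
                findings.append(("php-in-hype-export", rel))
        for d in dirnames:
            full = os.path.join(dirpath, d)
            rel = os.path.normpath(os.path.join(rel_dir, d))
            # Symlinks always report rwxrwxrwx on Linux, so skip them.
            if not os.path.islink(full) and os.lstat(full).st_mode & stat.S_IWOTH:
                findings.append(("world-writable-dir", rel))
            low = d.lower()
            # Assumed pattern: "<sibling>copy", optional space/_/- before "copy".
            if low.endswith("copy") and low[:-4].rstrip(" _-") in siblings:
                findings.append(("copy-of-sibling-dir", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample site used when no path is given on the command line."""
    hype = os.path.join(root, "film-1.hyperesources")
    for d in (hype, os.path.join(root, "images"),
              os.path.join(root, "images copy"), os.path.join(root, "uploads")):
        os.makedirs(d)
        os.chmod(d, 0o755)
    os.chmod(os.path.join(root, "uploads"), 0o777)  # the 777 case from post #2
    for name in ("film1_hype_generated_script.js",
                 "film1_hype_generated_script_prevv1.php"):
        open(os.path.join(hype, name), "w").close()

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) <= 1:
        build_sample_tree(target)
    for kind, path in audit_webroot(target):
        print(f"{kind}\t{path}")
```

Run it with the web root as the only argument (for example the `public_html` directory); a finding is a reason to open the file in a text editor, not proof of compromise.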


#5

This might help determine what that PHP file is doing:


#6

I just took the easy approach and deleted the file in question. I’ve had no problems and GoDaddy has not contacted me.