Reports are coming in that Linux-based web servers are under attack at a number of popular webhosts including GoDaddy, DreamHost, BlueHost and others.
There are several ways to check your site for infection, with one warning sign being a lack of control panel access. For a foolproof test, view your site's HTML source code and search for the word "zettapetta" — finding it, or redirection to www1.firesavez5.com or a similar domain, is proof positive of infection.
Fixing the problem, whose cause is still unknown, reportedly requires the deletion of the infected site along with all of its files, then re-uploading a freshly downloaded copy of the latest version of WordPress using SFTP rather than FTP. This may not prevent an attack from recurring, however, and manually deleting the erroneous command lines within your files may be just as effective a solution, say some experts, but not all agree.
"As you know, a new wave of attacks aimed at compromising websites running outdated versions of online applications, such as WordPress, recently hit across numerous Internet hosting providers," Todd Redfoot, GoDaddy.com's chief information security officer, stated. "The bottom line resolution is to be sure you have the most up-to-date versions of your applications within your entire hosting account."
"Though we understand this issue is frustrating, Go Daddy believes the situation is moving in the right direction," Redfoot added. "We have identified — and are attempting to work with — the key service providers the attackers are using, [and] are collaborating with the authorities to ensure the individuals will be prosecuted."
Sucuri Security offers a scripted solution as well as an SSH command to remove the infection automatically, but a fresh update and install is recommended.
