The “GoDaddy Joomla Hack” – How to Fix

GoDaddy, although one of the largest hosting companies out there, has a not-so-good reputation when it comes to security. In fact, many of the Joomla websites that we fix are hosted on GoDaddy. So why is that?

Well, we think that there are three major reasons why Joomla websites hosted on GoDaddy get hacked more often:

  1. GoDaddy is slow when it comes to upgrading its servers. In fact, GoDaddy has still many active servers running PHP 4 – a now defunct version of PHP that is no longer supported in any CMS (including the 2.5 version of Joomla). This causes many security issues because users simply can’t upgrade their Joomla websites even if they want to.
  2. In its basic hosting plan, GoDaddy has your website along with hundreds of websites (that belong to many different people) on the same server. Naturally, this’ll mean a huge performance hit on your Joomla website, especially if a website (out of those hundreds) is resource demanding. But that’s OK, because there’s even a bigger problem, your website could easily get hacked because of a backdoor created by another website on the same server – regardless on how isolated the accounts on that server are. Additionally, being on the same server and sharing the same IP with many other websites may damage the reputation of your website, because if the IP gets blacklisted because of a misbehavior by just one website, then this means that your website will get blacklisted as well… Not too good!

  3. GoDaddy has this simple, automated process (in the control panel) by which anyone, with very little Internet experience, can install Joomla by simply filling in a few fields. This is great, but the problem is that most of those who install Joomla this way think that it cannot be upgraded unless it is done through GoDaddy’s control panel. This is incorrect – it can be upgraded the usual way – but what makes things even more confusing for them is that GoDaddy has this (we’re trying to find a better word than “misleading”) One-click Joomla Upgrade button that people click on and think that they have upgraded their website to the latest Joomla version (and so now their websites are secure), while they really haven’t. In fact, the only think that happens when they click on that button is that GoDaddy just installs the latest Joomla version in a sub-directory and creates the matching database – it doesn’t migrate anything.

Now that we have explained why Joomla websites get hacked more often when they are hosted on GoDaddy, how can one fix/clean a GoDaddy hosted hacked Joomla website?

Well, we have noticed that most of the hacked Joomla websites on GoDaddy have just one infected file, which is usually one of those two files:

  • The file framework.php located under the includes folder.
  • The file application.php also located under the includes folder.

The hack usually consists of maliciously including a zip file somewhere in the above two files (just search for the word “zip” in those two files; on a clean website there shouldn’t be any match). Fixing the hack simply consists of removing the line that contains the word “zip”.

If none of the above files is hacked, then you can use our (now famous) super-duper way of quickly finding and fixing a (filesystem) hack on a Joomla website.

Now, if the above still fails and you still can’t find anything, then possibly your website suffers from a database hack. In this case, please follow the instructions described here to cleanup your website.

If all else fails then your best option would be to contact us. We will fix your website rapidly (in a matter of hours) at a very competitive rate. We’ll also throw in some recommendations to better protect your website in order to lessen the likelihood of another hack!

No comments yet.

Leave a comment