Update: GoDaddy has posted a message on Neowin.net, confirming that the sites that were compromised do have an outdated version of WordPress, either active or inactive on their hosting plans. GoDaddy also mentioned that the compromise might be present on other hosting providers too.
"TonyLock and All,
I work on Go Daddy's Social Media Team and we're working with our Security Operations Center to locate examples of non-WordPress sites that have been compromised. If you're comfortable with sharing example domains, please feel free to PM them to me.
Please know that we're actively working to identify the issue and resolve it. Further, we've published steps to correct the issue at https://fwd4.me/MFK. As we continue to investigate the matter, our Security Team has noted that reports of sites with this malware that were not WordPress blogs have the commonality that an outdated version of WordPress is either powering part of the site or that it is not in use, but is still present on the hosting plan. Additionally, we have heard reports of the compromise occurring on other hosting providers.
Again, we are actively and aggressively working to identify the cause and we've published a means to correct it - https://fwd4.me/MFK .
^Salem"
Some WordPress users using GoDaddy hosting servers may have been seeing malware injections into their code. The compromised sites were usually outdated WordPress versions or had weak FTP passwords, according to godaddy.com.
Users began seeing lines of added code at the top and bottom of their websites, linking to the website https://kdjkfjskdfjlskdjf.com.
GoDaddy was aware of the situation today, tweeting that they are looking into the issue, but have confirmed the injection and posted a message on their community forums how to correct the malware injection.
According to Godaddy.com:
Users who maybe or are at risk are warned to backup their databases and restore WordPress:
1. Backup the database https://community.godaddy.com/help/2009/10/12/backing-up-and-restoring-mysql-or-mssql-databases/
2. Make a note of the customizations, such as plugins or any other modifications you've made.
3. Remove all files from the site, be sure to save anything that isn't part of WordPress!
4. Reinstall WordPress through Hosting Connections
5. Restore the database (see the above article)
6. Verify the WordPress users are correct and authorized
7. Re-install any plugins you were using
8. Reload any additional .php files from known clean copy
Users are also strongly cautioned to create a strong admin password, including their FTP and database password, using different passwords for each, to ensure that they are as secure as possible.
thanks toTonyLock for the tip!
34 Comments - Add comment