Author Topic: Is anyone else getting messages from GoDaddy that software may have malware?  (Read 2280 times)

DaleReid
I think this happened once before, but I'm getting emails from GoDaddy that say they have scanned my hosted website and found that a whole bunch of files were flagged by their software scan as malware.

Then they go on to say that I have to sign in and either fix or remove this whole list of stuff, including setup and other files which as best I can track down, are related to the program MeteoTemplate from Jachym.

I don't know if it is the way the compiler or whatever works, but I have no problems scanning a copy of that page when I look at it as it is on the web server.

Therefore I'm assuming that it is just GoDaddy's scan that is in error, just as if one takes a file and scans it with five or so different malware sniffers, and one finds a 'possible' problem and the rest don't.

I was going to tell GoDaddy to go stuff it and leave my site alone, but I don't want to go to the trouble of finding and moving to another host if they tell me to take a walk either.

I guess I don't mind them scanning and suggesting, but they sort of said fix it (it isn't my code) or remove it.  I can't do one of the choices (fix something if it isn't mine nor broke) and I won't remove it since things wouldn't run if it were pulled.

Dale
ECWx.info
&
ECWx.info/t/index.php

Aardvark
You might want to contact GODADDY directly, and discuss this.
https://www.youtube.com/watch?v=In3HEI7vQKo

DaleReid
Well, then, thanks for the pointer to that video discussion.

The speaker presents his case as if it is indeed malware, and that while I didn't put it there, someone hacked in and placed it on my site.

Is this likely true, or is it all BS?  I know anything can happen, but I guess I'd just shut the thing down and walk away rather than pay some exorbitant fee over and over again.

This is a hobby, not a money-making process.  I'm still confused as to whether or not there is actual malware on my site or it is just a phishing expedition like the unscrupulous garages telling you your fan belt needs replacing.

PaulMy
Hi Dale,
I got something similar from GoDaddy last summer.
http://www.wxforum.net/index.php?topic=32723.msg330856#msg330856


Paul

gwwilk
Inspect the originating and return URLs VERY, VERY carefully.  I received a similar email last week that ended up in my spam folder.  I should have left it there because after I moved it to my inbox I could see that it was bogus because of the URLs.  They were very clever and even hijacked the correct images, but there was nothing they could do about their web addresses.  They were just phishing.
Regards, Jerry Wilkins
gwwilk@gmail.com
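
The URL inspection described in the post above, as an added example that is not part of the thread: a Python sketch that lists the links in an HTML notice whose host is neither godaddy.com nor one of its subdomains. The sample body, the `.example` hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "godaddy.com"  # the company the notice claims to come from

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def suspicious_links(html_body, domain=EXPECTED_DOMAIN):
    """Return (href, text, reason) for web links that do not lead to `domain`."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar links are out of scope here
        if not host_belongs_to(parts.hostname, domain):
            reason = "text names " + domain if domain in text.lower() else "off-domain"
            findings.append((href, text.strip(), reason))
    return findings

# Constructed sample body, not a real message.
SAMPLE = ('<a href="https://sso.godaddy.com/login">Sign in</a>'
          '<a href="http://godaddy.com.account-check.example/fix">www.godaddy.com</a>'
          '<a href="https://godaddy-security.example/scan">Review files</a>')
```

A host that merely contains the expected name, or a link whose visible text shows one address while the `href` points to another, is reported; only an exact match or a true subdomain passes.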

DaleReid
First, a very big thank you to all who not only commented, but also linked to old message threads, to a video on YouTube, and other helpful info.

I did run the virus scan that was posted (I had no idea such tools existed, so thank you), and it came up with a clean report.

I'm not sure what tool they use, but this one said no problem.

I do see it has my correct account number on the notice, and all the pointers are to the godaddy.com site, but those might be just bait for others hidden on that page. 

On the other hand, they might be just picking a couple of files and saying they 'may' be affected and yet not, since there are two places on the notification where they are advertising for their service to prevent this from happening again. 

I know places are always looking for business, so that may be all it is.

Thx again, guys.  I appreciate you sharing your knowledge and experience.  Dale

Aardvark
One more time-consuming thought.  You can download every file in your site, then scan it with your virus scanner and then Malwarebytes.  I am guessing you might have done that.  Then you would see what you know already, it is clean.  And if there is a file that gives a false positive, then contact GoDaddy and let them make adjustments to their scanner.  Yeah, a lot of work, time and space.  On the good side, you have a copy of your site and know that no one loaded in stuff.


92merc
If you are running the Saratoga Scripts you can add this file.  It does a basic malware check.

https://saratoga-weather.org/chk-files.php?sce=view

Then just run the file without the question mark ending.
https://www.BismarckWeather.net
Davis VP2, Cumulus, WeatherDisplay, Blitzortung, Saratoga Scripts, NOAA Stream via PI

DaleReid
The three things that are on the site, that I know of, are the code from Weather Display to show that program's generated graphics, WDL Fresh, which is minimal stuff, and then Jachym's MeteoTemplate, which uses info to run his program, along with the API from Weather Display as a source to populate a SQL database.

I'll perhaps try tracking each one to see if I can scan and clean, if it needs cleaning.

Thanks again.

CNYWeather
This has happened I think 3 times to me now.

I've found after an email from GoDaddy many files that were injected into my site.
Most were PHP files that are renamed to something close to another file on my site.
Normally they are about 3 directories down hidden in some obscure file folder.

No clue how they get there and I've tried to get somewhere with GoDaddy as to how they get there if they are such a good host. If I move my site to a business site hosting, they say it won't happen anymore.



Tony
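
One way to check a downloaded copy of a site for the kind of injected files described in the post above, and to make use of the full download suggested earlier in the thread (an added example, not code from the thread or from any of the weather packages mentioned). It assumes you also have a clean reference copy, such as the originally unpacked template; the script name and function names are hypothetical.

```python
import difflib
import hashlib
import os
import sys

def snapshot(root):
    """Map each file's path relative to `root` to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as handle:
                digests[rel] = hashlib.sha256(handle.read()).hexdigest()
    return digests

def compare(site_root, clean_root):
    """Return files in the site copy that are added or changed versus the clean copy."""
    site, clean = snapshot(site_root), snapshot(clean_root)
    clean_names = sorted({p.rsplit("/", 1)[-1] for p in clean})
    report = []
    for rel in sorted(site):
        if rel not in clean:
            status = "added"
        elif site[rel] != clean[rel]:
            status = "changed"
        else:
            continue
        name = rel.rsplit("/", 1)[-1]
        # An added file whose name nearly matches a legitimate one deserves a first look.
        near = (difflib.get_close_matches(name, clean_names, n=3, cutoff=0.8)
                if status == "added" else [])
        report.append({"path": rel, "status": status,
                       "depth": rel.count("/"), "resembles": near})
    return report

if __name__ == "__main__":
    # Usage: python compare_site.py <downloaded_site_dir> <clean_reference_dir>
    for item in compare(sys.argv[1], sys.argv[2]):
        print(item)
```

Files the site generates itself (caches, uploaded data) will also show up as added, so the `resembles` and `depth` fields are there to decide what to open first, not to deliver a verdict.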




Aardvark
Change your site password.  I use leuven  and I am able to change the password that I use to make changes to my site.  Same goes for my internet host, change your password.
If someone or plural are injecting to your site, then change the password and demand GoDaddy help on their end.