Quote Originally Posted by xt0rt
The irresponsibility of many of these bigname hosts sickens me to no end. Whether it be overloaded servers, hijacked servers, or ****ty customer service they never take responsibility for problems that arise on their end. All they care about is that next monthly payment. The worst part is they have so many customers that if you leave them it really doesn't matter.

My advice, again, would be to switch hosts. There are other good ones out there with referral programs. Second, get on some forums and host review sites and let Hostgator know you're not just another naive cash flow opportunity.
Yes I know, but they are sensitive about bad publicity that CAN hurt. On the bright side I got the big "climb down" today (see a copy below). However this is only the start - they now need to get their act together to convince me they're going to do something about their security. By default certain files have to have "write" attributes to work correctly. Everyone should be able to work in an environment where the host company can be trusted to protect people up to a reasonable standard in those circumstances - at present Hostgator obviously don't.

I'll keep you posted.

Regards,

G

Gwilym,

You are correct that there could in fact be a script located on the server hunting for writeable scripts: However at this time we're unable to find one.

I'd highly recommend following the advice in the thread you've posted.
The specific one is:

DannoUK - what's almost certainly happened is this:

A malicious script has been set loose on the webhosts server.
That script searches for files that it can write to.
Such files are usually theme files.
This is not WP hacking as much a combination of a webhost security and your file permissions.

Download your current theme.
Go through each file in that theme checking for the garbage code.
Delete it all obviously
Upload the files and then change their permissions to 644 and NO higher. No 664 / 666 or anything else.
Check the site works.
If not, check your file editing.

You cannot now edit files online.

NO files on a site should ever be writable and if they are you must know where, why and the risks.

Let us know if you have any further questions or concerns.

Dave M.
Hostgator Customer Support