TonyLock

GoDaddy Got Hacked Yesterday

73 posts in this topic

Speaking with the security expert at GoDaddy, Todd Redfoot, he mentioned that they did not see the exploit on users' accounts that were running WordPress 2.9.2.

Just to let you know that my site was infected... I don't have any WordPress installation (not any contact with WordPress).

I think it is a GoDaddy security issue.

Open source projects are commonly used by hackers to trigger this kind of attack, but we have to take into account that infected sites without WordPress exist.

Hope this helps...

Link to post

Just to let you know that my site was infected... I don't have any WordPress installation (not any contact with WordPress).

I think it is a GoDaddy security issue.

Open source projects are commonly used by hackers to trigger this kind of attack, but we have to take into account that infected sites without WordPress exist.

Hope this helps...

Doesn't exactly help, as many claims of people not having WordPress installed popped up, i.e. TonyLock, who for days argued that his two friends did not have WordPress installed. But speaking with GoDaddy, they said every account they looked up had some trace of an outdated version of WordPress, either inactive or active on their account. Now, I'm hearing reports that hackers could easily gain access to an entire server, which could access up to 20-40 accounts on a single server. This could possibly be what GoDaddy is referring to when they said some trace of WordPress was found on users' accounts.

Either way, the coordinated attack only targeted WordPress, afaik, which is very, very likely the only cause for this.

Link to post

Doesn't exactly help, as many claims of people not having WordPress installed popped up, i.e. TonyLock, who for days argued that his two friends did not have WordPress installed. But speaking with GoDaddy, they said every account they looked up had some trace of an outdated version of WordPress, either inactive or active on their account. Now, I'm hearing reports that hackers could easily gain access to an entire server, which could access up to 20-40 accounts on a single server. This could possibly be what GoDaddy is referring to when they said some trace of WordPress was found on users' accounts.

Either way, the coordinated attack only targeted WordPress, afaik, which is very, very likely the only cause for this.

You only need one massively outdated WordPress install on a GoDaddy box to infect the whole thing. "up to 20-40," more like 100-200, this is a GoDaddy box we're talking about. suPHP has been around a long time, it's about time GoDaddy caught up and stopped blaming third-parties.

Link to post
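
Added example, not part of any post in this thread and not GoDaddy's or suPHP's code: a Python audit that an account holder could run over their own web root to list entries other local accounts could modify, which is the condition the isolation argument above turns on. The sample tree, its file names and the rule that the web root's owner is the account are assumptions.

```python
import os
import stat
import tempfile

def audit_docroot(root):
    """Return sorted (relative_path, issue) pairs for entries under root that
    other local accounts could modify or that the account does not own."""
    owner_uid = os.lstat(root).st_uid  # assumption: web root owner == account
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not enforced
        rel = os.path.relpath(path, root)
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((rel, "group-writable"))
        if st.st_uid != owner_uid:
            findings.append((rel, "foreign-owner"))
    return sorted(findings)

def build_sample():
    """Constructed web root with a mix of tight and loose permissions."""
    root = tempfile.mkdtemp()
    layout = {
        "wp-content": 0o755,
        "wp-content/themes": 0o755,
        "wp-content/uploads": 0o777,      # directory anyone can drop files into
        "index.php": 0o644,
        "wp-config.php": 0o666,           # writable by every local account
        "wp-content/themes/a.php": 0o664,
    }
    for rel, mode in layout.items():
        full = os.path.join(root, rel)
        if rel.endswith(".php"):
            open(full, "w").close()
        else:
            os.makedirs(full, exist_ok=True)
        os.chmod(full, mode)  # explicit mode, independent of the umask
    return root

if __name__ == "__main__":
    for rel, issue in audit_docroot(build_sample()):
        print(f"{issue:15} {rel}")
```

When every site on a box runs as one shared web-server user, each entry flagged here is writable from any other account's scripts; running PHP as the owning account lets the modes be tightened so that nothing is flagged.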

Doesn't exactly help, as many claims of people not having WordPress installed popped up, i.e. TonyLock, who for days argued that his two friends did not have WordPress installed. But speaking with GoDaddy, they said every account they looked up had some trace of an outdated version of WordPress, either inactive or active on their account. Now, I'm hearing reports that hackers could easily gain access to an entire server, which could access up to 20-40 accounts on a single server. This could possibly be what GoDaddy is referring to when they said some trace of WordPress was found on users' accounts.

Either way, the coordinated attack only targeted WordPress, afaik, which is very, very likely the only cause for this.

that's a very warped definition of "some traces... was found on users accounts" if it's taken to mean that "a user's account had no traces of the files but another user's account who was on the same server did".

and how is it a wordpress problem when one vulnerable install can go out and contaminate everyone else's accounts? this point seems to be universally conceded, and if that's the case, then it's absolutely godaddy's fault for not securing their servers and isolating each account properly.

Link to post

I'm just going by the data that godaddy told me directly. People can argue all they want about the issue, and pull facts from all over the Internet, but 99% of them are likely to be opinions and theories.

I spoke to godaddy's security team directly, over the phone.

Link to post

I'm just going by the data that godaddy told me directly. People can argue all they want about the issue, and pull facts from all over the Internet, but 99% of them are likely to be opinions and theories.

I spoke to godaddy's security team directly, over the phone.

I understand that, but the information I've read on Neowin - the official information that you've posted - strongly suggests that GoDaddy is at fault here, especially considering that there have not been reports of the same outdated installations on other major web hosts causing this much trouble as well. I don't understand why you're consistently defending them without questioning the official story even a little bit.

If it turns out to be something inherent to the way shared hosts are set up, then we'd have many more problems than simply pointing fingers at everyone.

Link to post

What? What you just posted doesn't actually make sense. You said I'm posting that they are strongly at fault, but I'm defending them?

It's one side or the other. I talked to GoDaddy and cleared up the entire issue: it was an exploit of an outdated version of WordPress and only attacked shared Linux hosts.

There is nothing really more to the story than that.

Link to post

What? What you just posted doesn't actually make sense. You said I'm posting that they are strongly at fault, but I'm defending them?

It's one side or the other. I talked to GoDaddy and cleared up the entire issue: it was an exploit of an outdated version of WordPress and only attacked shared Linux hosts.

There is nothing really more to the story than that.

Sorry, I meant that the facts you've posted (i.e. an outdated WP on one account could be exploited to infect other accounts on the same server) suggest they have security problems. I didn't mean that you actually said they were at fault.

It's clear that outdated versions of WP were exploited, but I don't see how that clears up the issue of it being able to infect other hosting accounts.

Link to post

You only need one massively outdated WordPress install on a GoDaddy box to infect the whole thing. "up to 20-40," more like 100-200, this is a GoDaddy box we're talking about. suPHP has been around a long time, it's about time GoDaddy caught up and stopped blaming third-parties.

More like 1000's :whistle: I'm currently on a shared Linux plan and I'm sharing with 6,575 other sites.

But yea, I've been running WordPress since November and I wasn't affected with this recent problem.

Link to post

More like 1000's :whistle: I'm currently on a shared Linux plan and I'm sharing with 6,575 other sites.

But yea, I've been running WordPress since November and I wasn't affected with this recent problem.

to be honest, most of those websites are inactive / using very little to no resources and/or storage space.

How did you find out you're sharing with 6,575 other websites?

Link to post

to be honest, most of those websites are inactive / using very little to no resources and/or storage space.

How did you find out you're sharing with 6,575 other websites?

Inactive accounts are worse than active :3.

I know no one offhand that's hosted on GoDaddy but went on Twitter search and grabbed a random GoDaddy customer's site:

stephenpsmith.com resolves to 208.109.181.42 and only has 162 other sites hosted on the server that account is on.

FAR from that 6,000 other sites claimed above.

So with that being said, x9248, I'm definitely also interested in your server's IP so I can check out to see if it does in fact host that many accounts on a single server :)

Link to post

I'm just going by the data that godaddy told me directly. People can argue all they want about the issue, and pull facts from all over the Internet, but 99% of them are likely to be opinions and theories.

I spoke to godaddy's security team directly, over the phone.

That's a fine attitude for a reporter, allow me to paraphrase "The accused in this debacle says so, it must be true! No further investigation needed or wanted. You guys don't know what you are talking about."

There's no pulling "facts from all over the internet," I and others posting here work in the business, I find your ignorance of that offensive.

Link to post

It's not like I just pulled a number out my arse, it's what the whois says.

876786.jpg

Could it be wrong? Hell I dunno, it's what I'm going by tho.

Link to post

It's not like I just pulled a number out my arse, it's what the whois says.

876786.jpg

Could it be wrong? Hell I dunno, it's what I'm going by tho.

Wow, I didn't know the numbers were so high.

Link to post

Why are you blocking out the domain name? For all I know that could be a domain that's using parked nameservers.

Link to post

Well assume what you want then.

Link to post

Wow, I didn't know the numbers were so high.

They may dynamically shift sites on the servers based on traffic, resulting in some servers having a rather high number of sites with extremely little traffic, while more active sites could end up with fewer sites per server.

Link to post

Well assume what you want then.

I already am. I can post up the same as you and claim it's from a domain hosted by GoDaddy:

0fe6c8220e4e9c9f72064f97d9ff5709.png

Link to post

Congratulations, you win the internet :rolleyes:

One, my site contains content that is against Neowin's rules. Two, I do not pay for domain privacy and all my information comes up on the whois. Three, it's really none of your business.

Believe what you want, but I stated nothing but facts.

Edit: Actually if you are sooooo intent in proving me wrong, PM me and I'll be happy to give you the domain name.

Link to post

Hi, I am new to this board but I came across this because I too was attacked, and GoDaddy basically directs me to their blog about the WordPress issue. Since my site is on JOOMLA and I have no WordPress files in my system, that link doesn't work for me.

I have told them to update that blog to tell people that it has to do with PHP scripts, that is how the virus is getting around. They still don't believe me.

I told them that this is a server issue. They said they can't find anything on the server to prove it. The support team gives me a general response and doesn't respond to my questions. I give them proof that I am not the only one who got hacked, again they don't believe me. In the end, they said it is my fault the hack happened and not theirs.

So I got upset and wrote an article about this, because I know there are others out there. Since then I have been receiving emails about the same thing. Their support team doesn't care about the customers and tells them to change the password or update WordPress.

Kind of hard to update WordPress when there are people who, like myself, do not use WordPress.

And they keep saying my website is 'escalated', they have been saying that since Monday and well, it is almost Thursday. What are they doing? Drinking coffee, laughing at us customers because we are frustrated?? My site was flagged because of them! I lost business because of them and they said to me "it's not our fault your website got a hack code"

I want to pull my hair out. I hate their general responses. They need to take responsibility for what they did and of course they won't. Because it is 'our fault' it happened.

And another thing, I even showed them proof, this link and others to prove that everyone so far is saying that this is due to SHARED hosting i.e. server.

of course GoDaddy doesn't believe me. They are getting annoyed by me because I am trying to help them solve this issue quickly by giving them input.

I have words for them right now, I will not say on the internet :)

hopefully this issue will get solved SOONER than later and fyi GoDaddy peeps, I got rid of the virus, three days later it came back again and I got rid of it again. I am a cpu tech person I went thru it line-by-line for a looong time today as well as Sunday. So I know the codes are gone but again GoDaddy thinks that I missed code. I might have but I did look through 6,000K and also check it with Notepad++, probably what they would do. So I made sure I didn't miss anything.

So again, if it goes away what the heck is making it come back?!?! Oh right, because their servers are affected! duh!

1 person likes this

Link to post
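
Added example, not part of the post above and not a GoDaddy tool: instead of re-reading every file after each cleanup, a SHA-256 baseline taken right after cleaning shows exactly which files were added or changed when an infection comes back. The file names and the marker text in the constructed demo are assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # hash real files only
            with open(path, "rb") as fh:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def compare(baseline, current):
    """Return the files added, modified and removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed scenario: cleaned site, baseline, then two files change."""
    root = tempfile.mkdtemp()
    for rel in ("index.php", "includes/menu.php", "templates/footer.php"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("<?php // constructed clean file\n")
    baseline = snapshot(root)  # taken immediately after the cleanup
    with open(os.path.join(root, "index.php"), "a") as fh:
        fh.write("// constructed marker standing in for re-injected code\n")
    with open(os.path.join(root, "includes", "cache.php"), "w") as fh:
        fh.write("<?php // constructed file that was not in the baseline\n")
    return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored somewhere the hosting account cannot write to, such as a local machine.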

didn't they also screw over their customers with domain name registration a while ago too?

Link to post

didn't they also screw over their customers with domain name registration a while ago too?

I think so. But then again, you ask them they will be like "oh no that isn't true. You are the one who messed up" lol

Link to post
