Jump to content
|Topic||Stats||Last action by|
|Windows Technical Preview||
|Desktop Linux is finally getting Netflix support||
|Neowin Members Digital Gallery 2014||
|Google's Doubleclick ad servers exposed millions of computers to malware||
|Official Dogs vs Cats||
Posted 03 May 2010 - 03:52
Posted 03 May 2010 - 04:03
Thank you for coming here to Neowin and posting that Salem Much appreciated to put our members minds at ease.
TonyLock and All,
I work on Go Daddy's Social Media Team and we're working with our Security Operations Center to locate examples of non-WordPress sites that have been compromised. If you're comfortable with sharing example domains, please feel free to PM them to me.
Please know that we're actively working to identify the issue and resolve it. Further, we've published steps to correct the issue at http://fwd4.me/MFK. As we continue to investigate the matter, our Security Team has noted that reports of sites with this malware that were not WordPress blogs have the commonality that an outdated version of WordPress is either powering part of the site or that it is not in use, but is still present on the hosting plan. Additionally, we have heard reports of the compromise occurring on other hosting providers.
Again, we are actively and aggressively working to identify the cause and we've published a means to correct it - http://fwd4.me/MFK .
Posted 03 May 2010 - 04:20
Rather than asking for examples, has there been any proactive response to yanno, search and clean GoDaddy's OWN servers? It would kind of make sense that a GoDaddy tech would ensure the security of the server by searching for any affected accounts on there and if GoDaddy has a clause in their Terms of Service that they don't resolve any malware issues on the client's account, at least notify the client with a support ticket referencing to them what they need to do for the safety of their account.
You can easily run an SSH command to find some of the "core" malware files and/or content itself.
#step 1, enter the path where the websites are hosted, it should be something like: cd /home/UsersWebsitesAreUnderThisDirectory/ #ste 2, use the find & grep find . 2>/dev/null | xargs grep -i kdjkfjskdfjlskdjf
Posted 03 May 2010 - 05:30
but if you will be only searching for WP installs trying to connect to: kdjkfjskdfjlskdjf.com you may want to try..#step 1, enter the path where the websites are hosted, it should be something like: cd /home/UsersWebsitesAreUnderThisDirectory/ #ste 2, use the find & grep find . 2>/dev/null | xargs grep -i kdjkfjskdfjlskdjf
Those 2 are not the best scripts for this, but those should do the job. Good luck
Posted 03 May 2010 - 06:24
It is not our job to provide tech support to GoDaddy. It is GoDaddy's job to provide security to it's customers.
Recently, GoDaddy gave away $100,000 in cash prize money to a competition winner, as a means of advertising. If they can afford to give a way a tenth of a millions dollars (USD) in cash to random members of the public, then surely they have enough money to hire a single security expert who can actually tell the server crew at GoDaddy what a crappy job they've done so far.
Update: I've just had a good friend from England email me about a similar issue with GoDaddy.
It bother's me that such a seemingly good company can allow your data's security to be compromised so easily and then just blame something else to not get their butts sued.
@Salem (of GoDaddy)
It's funny you have to come here and be an apologetic for GoDaddy. Get your act together before you have a class action law suit on your hands.
We should not have to provide this code to GoDaddy. They have administrators who get paied for this. Ask for money since they are obviously looking at this thread and will no doubt be using your code.
Posted 03 May 2010 - 07:29
Posted 03 May 2010 - 08:11
Posted 03 May 2010 - 08:37
So they checked your profile out. They didn't bother to hide their identity behind a fake account, did they? Relax..
Just caught GoDaddy spying on me, just as I had suspected.
Posted 03 May 2010 - 08:42
Posted 03 May 2010 - 10:06
Because they clicked on your
profile, they are spying on you?
It isn't who is looking at your profile right now, but who did click on your profile last.
I think you are way over reacting. GoDaddy is just trying to clear their name, and because your friends got hacked, you seem to take this personally against GoDaddy, as if they were the ones behind this.
You are making this situation much worse than it has to be. And threatening them with a lawsuit? Please! You already said your friends got hacked, and not you personally. I also don't like your attitude towards the GoDaddy member. He posted a reply to help the situation and you blew up at him for taking his time and coming here to post this.
Sickening, and I think you owe him an apology.
Posted 03 May 2010 - 10:07
Just caught GoDaddy spying on me, just as I had suspected.
This screenshot is of my profile as of 12:23 AM PDT. Look who is spying on me and on this thread at 10:27 PM rather than fix the security holes in their servers:
GoDaddy specifically made their Neowin account to comment on this thread and to address me directly. Clearly they are worried and don't have a clue what is going. Funny actually.
Posted 03 May 2010 - 10:11
And seriously, to expand on what andrew said.
The guy asked for what other domains you knew of that had been compromised, you could have provided that here or sent him a pm. instead you came up with another anonymous godaddy friend without wordpress. it could very well be they have unused wordpress files on the server or that wjatever the do use is based on wordpress
Posted 03 May 2010 - 10:34
Posted 03 May 2010 - 10:39
Seriously, you sound like you're on some kind of crusade against GoDaddy, throwing out claim after claim, without a single shed of proof.
and no, net chatter isn't proof.