Jump to content



Photo

GoDaddy Got Hacked Yesterday


  • Please log in to reply
72 replies to this topic

#16 +Cupcakes

Cupcakes

    #pugs { display: block; }

  • Joined: 12-May 09
  • Location: Chicago, IL

Posted 03 May 2010 - 03:52

Rather than asking for examples, has there been any proactive response to yanno, search and clean GoDaddy's OWN servers? It would kind of make sense that a GoDaddy tech would ensure the security of the server by searching for any affected accounts on there and if GoDaddy has a clause in their Terms of Service that they don't resolve any malware issues on the client's account, at least notify the client with a support ticket referencing to them what they need to do for the safety of their account.

You can easily run an SSH command to find some of the "core" malware files and/or content itself.


#17 vetAndrew Lyle

Andrew Lyle

    Don't Panic!

  • Joined: 15-December 03
  • Location: Toronto, Ontario
  • OS: Windows 7 SP1

Posted 03 May 2010 - 04:03

TonyLock and All,

I work on Go Daddy's Social Media Team and we're working with our Security Operations Center to locate examples of non-WordPress sites that have been compromised. If you're comfortable with sharing example domains, please feel free to PM them to me.

Please know that we're actively working to identify the issue and resolve it. Further, we've published steps to correct the issue at http://fwd4.me/MFK. As we continue to investigate the matter, our Security Team has noted that reports of sites with this malware that were not WordPress blogs have the commonality that an outdated version of WordPress is either powering part of the site or that it is not in use, but is still present on the hosting plan. Additionally, we have heard reports of the compromise occurring on other hosting providers.

Again, we are actively and aggressively working to identify the cause and we've published a means to correct it - http://fwd4.me/MFK .

^Salem

Thank you for coming here to Neowin and posting that Salem :yes: Much appreciated to put our members minds at ease.

#18 bytes2000

bytes2000

    Neowinian

  • Joined: 20-June 04

Posted 03 May 2010 - 04:20

Rather than asking for examples, has there been any proactive response to yanno, search and clean GoDaddy's OWN servers? It would kind of make sense that a GoDaddy tech would ensure the security of the server by searching for any affected accounts on there and if GoDaddy has a clause in their Terms of Service that they don't resolve any malware issues on the client's account, at least notify the client with a support ticket referencing to them what they need to do for the safety of their account.

You can easily run an SSH command to find some of the "core" malware files and/or content itself.


I have not created scripts for over half a year since I quit my job.. but I think on linux it could be something like this:

#step 1, enter the path where the websites are hosted, it should be something like:    cd /home/UsersWebsitesAreUnderThisDirectory/
#ste 2, use the find & grep
find . 2>/dev/null | xargs grep -i script | grep -i php
then just analyze the output of the script for something strange (using a remote javascript -from other domain-)

but if you will be only searching for WP installs trying to connect to: kdjkfjskdfjlskdjf.com you may want to try..
#step 1, enter the path where the websites are hosted, it should be something like:  cd /home/UsersWebsitesAreUnderThisDirectory/
#ste 2, use the find & grep
find . 2>/dev/null | xargs grep -i kdjkfjskdfjlskdjf

Those 2 are not the best scripts for this, but those should do the job. Good luck

#19 OP TonyLock

TonyLock

    Neowinian Senior

  • Joined: 23-July 02

Posted 03 May 2010 - 05:30

It is not our job to provide tech support to GoDaddy. It is GoDaddy's job to provide security to it's customers.

Recently, GoDaddy gave away $100,000 in cash prize money to a competition winner, as a means of advertising. If they can afford to give a way a tenth of a millions dollars (USD) in cash to random members of the public, then surely they have enough money to hire a single security expert who can actually tell the server crew at GoDaddy what a crappy job they've done so far.

Update: I've just had a good friend from England email me about a similar issue with GoDaddy.

It bother's me that such a seemingly good company can allow your data's security to be compromised so easily and then just blame something else to not get their butts sued.

@Salem (of GoDaddy)
It's funny you have to come here and be an apologetic for GoDaddy. Get your act together before you have a class action law suit on your hands.

------------------
@bytes2000

I have not created scripts for over half a year since I quit my job.. but I think on linux it could be something like this:

#step 1, enter the path where the websites are hosted, it should be something like:    cd /home/UsersWebsitesAreUnderThisDirectory/
#ste 2, use the find & grep
find . 2>/dev/null | xargs grep -i script | grep -i php
then just analyze the output of the script for something strange (using a remote javascript -from other domain-)

but if you will be only searching for WP installs trying to connect to: kdjkfjskdfjlskdjf.com you may want to try..
#step 1, enter the path where the websites are hosted, it should be something like:  cd /home/UsersWebsitesAreUnderThisDirectory/
#ste 2, use the find & grep
find . 2>/dev/null | xargs grep -i kdjkfjskdfjlskdjf

Those 2 are not the best scripts for this, but those should do the job. Good luck



We should not have to provide this code to GoDaddy. They have administrators who get paied for this. Ask for money since they are obviously looking at this thread and will no doubt be using your code.


#20 bytes2000

bytes2000

    Neowinian

  • Joined: 20-June 04

Posted 03 May 2010 - 06:24

It is not our job to provide tech support to GoDaddy. It is GoDaddy's job to provide security to it's customers.

Recently, GoDaddy gave away $100,000 in cash prize money to a competition winner, as a means of advertising. If they can afford to give a way a tenth of a millions dollars (USD) in cash to random members of the public, then surely they have enough money to hire a single security expert who can actually tell the server crew at GoDaddy what a crappy job they've done so far.

Update: I've just had a good friend from England email me about a similar issue with GoDaddy.

It bother's me that such a seemingly good company can allow your data's security to be compromised so easily and then just blame something else to not get their butts sued.

@Salem (of GoDaddy)
It's funny you have to come here and be an apologetic for GoDaddy. Get your act together before you have a class action law suit on your hands.

------------------
@bytes2000



We should not have to provide this code to GoDaddy. They have administrators who get paied for this. Ask for money since they are obviously looking at this thread and will no doubt be using your code.


Yes but, I care because 7 of my sites are hosted on Godaddy (currently none of them were altered) , I like all the stuff related to IT security and I currently have no job, so this is my spare time. Also.. I Dont think if they pay people for system administrators they have all the neccesary knowledge! I worked for the world leader in computer sales in the support area and I had more knowledge than some of the administrators.

Haha you are right, if they need help they can use Google or give some rewards, but I'm always willing to give my advice :p Im not an expert but I have some experience and creativity, which sometimes is helpful.

#21 OP TonyLock

TonyLock

    Neowinian Senior

  • Joined: 23-July 02

Posted 03 May 2010 - 07:29

Just caught GoDaddy spying on me, just as I had suspected.

This screenshot is of my profile as of 12:23 AM PDT. Look who is spying on me and on this thread at 10:27 PM rather than fix the security holes in their servers:

GoDaddy Spying on TonyLock.png

GoDaddy specifically made their Neowin account to comment on this thread and to address me directly. Clearly they are worried and don't have a clue what is going. Funny actually.

#22 vetAndrew Lyle

Andrew Lyle

    Don't Panic!

  • Joined: 15-December 03
  • Location: Toronto, Ontario
  • OS: Windows 7 SP1

Posted 03 May 2010 - 08:11

Because they clicked on your
profile, they are spying on you?

It isn't who is looking at your profile right now, but who did click on your profile last.

I think you are way over reacting. GoDaddy is just trying to clear their name, and because your friends got hacked, you seem to take this personally against GoDaddy, as if they were the ones behind this.

You are making this situation much worse than it has to be. And threatening them with a lawsuit? Please! You already said your friends got hacked, and not you personally. I also don't like your attitude towards the GoDaddy member. He posted a reply to help the situation and you blew up at him for taking his time and coming here to post this.

Sickening, and I think you owe him an apology.

#23 K.John

K.John

    Dev

  • Joined: 01-September 07
  • Location: Redmond, Washington
  • OS: Windows 8
  • Phone: Windows Phone 8

Posted 03 May 2010 - 08:37

Just caught GoDaddy spying on me, just as I had suspected.

So they checked your profile out. They didn't bother to hide their identity behind a fake account, did they? Relax..

If I followed your logic, I'd better be worried because on 24th April my profile was viewed by a profile named asda (likely random - check the position of those letters on the keyboard) created on the same day, filled with no information and that seems to be the only thing that profile has done on neowin (visit my profile). If I'm lucky, it's only someone who wanted to mark me down anonymously (star rating). If not, somebody is harvesting information about me, or performing background checks. There's nothing I can really do about it.

On topic, I have GoDaddy accounts but none of my php files seem to have been compromised.

#24 zyxwvut

zyxwvut

    Neowinian

  • Joined: 03-May 10

Posted 03 May 2010 - 08:42

My Godaddy site just got hacked also. It is just a simple PHP site, mostly html with .php page extensions. All the php files were hacked. Godaddy is in an extreme state of denial. They just sent a form email implying that it was somehow my fault. Definitely not just a Wordpress problem.

#25 OP TonyLock

TonyLock

    Neowinian Senior

  • Joined: 23-July 02

Posted 03 May 2010 - 10:06

Because they clicked on your
profile, they are spying on you?

It isn't who is looking at your profile right now, but who did click on your profile last.

I think you are way over reacting. GoDaddy is just trying to clear their name, and because your friends got hacked, you seem to take this personally against GoDaddy, as if they were the ones behind this.

You are making this situation much worse than it has to be. And threatening them with a lawsuit? Please! You already said your friends got hacked, and not you personally. I also don't like your attitude towards the GoDaddy member. He posted a reply to help the situation and you blew up at him for taking his time and coming here to post this.

Sickening, and I think you owe him an apology.


Apology? How old are you son? Apology for speaking the truth? Only on Neowin!

Thereal issue is responsibility.

GoDaddy is refusing to accept responsibility, because they know as soon as theystop blaming WrodPress and state the truth that they themselves failedto provide the minimalist of reasonable security, they will get theirbutts sued! So GoDaddy is desperately looking for a way out. Sofar, WrodPress is their scapegoat but despite WrodPress's failings, any true technologist knows the account management systemset up by GoDaddy it the one who is truly at fault here and not WordPress. If aclass action law suit were to be filed, any 10 year old with alittle knowledge of UNIX could prove the fault is withGoDaddy and not WordPress. That's why you can see they have tried hard thisweekend to bury this matter.

If you read a great many other tech forums, you'll see that others are also lookingin to a class action law suit. Thank God I don't host with GoDaddy or I wouldcertainly sue them for allowing my website to become vulnerable under theircare.

Kindly don't make this about me vs GoDaddy, it's about people vs GoDaddy.

  • GoDaddy, by their own incompetence have enabled hackers to access other accounts on their servers, distribute viruses via all of our websites and have possibly allowed the same hackers to have access to restricted data on the servers, not to mention the databases.
  • It's evident that GoDaddy, by their own flawed security has become the vehicle for the transpiration of internet viruses.
  • GoDaddy lied about the attack publicly (knowingly lied and also were vastly economical with the truth).
  • GoDaddy blamed people for using WordPress, even though they didn't have WordPress installed on their servers.
  • GoDaddy provided a completely useless support page that hardly address the issue and was more of a publicity act to support their blame of WordPress.
  • GoDaddy failed to adequately inform their customers of the attack, or advise them proactively what to do.
  • GoDaddy failed to restore the infected files.
  • GoDaddy failed to adequately inform their tech support staff of the issue.
    • When the GoDaddy tech support staff sought clarification, they themselves were informed the client (all of us) probably had key loggers to track FTP passwords (What utter BS).
  • After 2 of my friends and I called GoDaddy to find out what is going on, we were given the run around, and they ask us to help them!?
  • Reading Salem's post, it's clear GoDaddy recorded the conversation with one of my friends, without informing them the phone call was being recorded beforehand. Isn't this an OffCom and also an FCC violation? I was on Skype with my friend while he had GoDaddy on speaker-phone so I heard everything!
  • After all of which, GoDaddy followed and address me directly on Neowin just because I brought the issue to the attention of the public. GoDaddy has been hacked before and you never saw them chasing someone down who reported the matter publicly.
  • Then for no reason, 2 hours after making their Neowin account, GoDaddy examines my Neowin profile.
Therefore, as a concerned Neowin member, a possible future GoDaddycustomer (probably not any more though), and a good netizen, I see itperfectly reasonable to raise more questions about GoDaddy, and it'srecent failing. If you don't have any such concerns, then you are obviously onthe payroll of GoDaddy.

If anyone wasn't infuriated by GoDaddie's failings, I'dcall serious doubt in relation to you being a technologist,least a tech forum news reporter.

The bottom line is, GoDaddy needs to do the following:

  • Hire experts who know how to lock down user accounts so one account can never have access to another.
  • Stop making a bigger fool of themselves by:
    • Making false Tweets about the issue.
    • Stop blaming WordPress, start accepting complete and utter responsibility.
    • Following me around the internet.
    • Asking the public to do their jobs.
  • Make a public apology to everyone for their total lack of basic security.
  • Make a public apology to everyone for telling lies about the hack attempt.
  • Make a private apology individually to everyone whose site got infected.
  • Restore all files that have been infected and not just ask the customers to do it.
  • Insure this will never happen again, and offer heavy financial compensation if it does.
  • Insure if such a thing does happens again, they proactively inform the customer immediately.
I hope GoDaddy accept responsibility for it's failing and accepts whatit needs to do to set things right by it's customers.

But if there are back handers going out (as evident by theapologist for the GoDaddy's apologist) then I highly doubt it.

GoFigure GoDaddy!

#26 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 03 May 2010 - 10:07

Just caught GoDaddy spying on me, just as I had suspected.

This screenshot is of my profile as of 12:23 AM PDT. Look who is spying on me and on this thread at 10:27 PM rather than fix the security holes in their servers:

GoDaddy Spying on TonyLock.png

GoDaddy specifically made their Neowin account to comment on this thread and to address me directly. Clearly they are worried and don't have a clue what is going. Funny actually.



And seriously, to expand on what andrew said.

The guy asked for what other domains you knew of that had been compromised, you could have provided that here or sent him a pm. instead you came up with another anonymous godaddy friend without wordpress. it could very well be they have unused wordpress files on the server or that wjatever the do use is based on wordpress

#27 OP TonyLock

TonyLock

    Neowinian Senior

  • Joined: 23-July 02

Posted 03 May 2010 - 10:11

And seriously, to expand on what andrew said.

The guy asked for what other domains you knew of that had been compromised, you could have provided that here or sent him a pm. instead you came up with another anonymous godaddy friend without wordpress. it could very well be they have unused wordpress files on the server or that wjatever the do use is based on wordpress


Clearly, you have never called GoDaddy tech support before. They know the sites have have been told on the phone. I have no need to mention them here.

Anyway, GoDaddy don't need to know about any more domains, considering all the net chatter about this enter issue.

All they need to do is lock does their accounts so one account cannot write to another. PERIOD! PROBLEM SOLVED!

#28 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 03 May 2010 - 10:34

Seriously, you sound like you're on some kind of crusade against GoDaddy, throwing out claim after claim, without a single shed of proof.

and no, net chatter isn't proof.

#29 stevember

stevember

    'But thats just me....'

  • Tech Issues Solved: 2
  • Joined: 13-August 01
  • Location: Cornwall, UK

Posted 03 May 2010 - 10:39

Seriously, you sound like you're on some kind of crusade against GoDaddy, throwing out claim after claim, without a single shed of proof.

and no, net chatter isn't proof.


+1

Plus I just spied on you...

#30 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 03 May 2010 - 10:43

+1

Plus I just spied on you...


OH NOEZ!!!!! :p



Click here to login or here to register to remove this ad, it's free!