Hosting With GoDaddy? Might Want To Rethink That Decision.

Posted on May 13th, 2010 at 10:04 am by Michael VanDeMar under blogthropology, coding, customer service, Wordpress, WTF

One of the services I offer people is cleaning their WordPress installations of hacks and infections, mostly for those who might not have the time or technical expertise to follow my hacked WordPress cleaning guide. Therefore when something happens that increases the number of people getting hacked, such as when a new exploit is discovered, or a security hole in a large host starts getting exploited (like what happened with Network Solutions last month), I get an increase in the number of people requesting help cleaning things up. This month it started happening with a large number of GoDaddy customers.

When it first started to happen I did some searching around, and noticed that there was some discussion going on about the heightened GoDaddy hacking activity, but at that time everything I read that stated the problem was with GoDaddy customers all had roots pointing back to a single post on a company blog that didn’t offer enough details for me to really see why it was happening there and not other places. Not that WordPress on other hosts weren’t still getting hacked, but there has definitely been a higher concentration of instances on GoDaddy. GoDaddy was definitely aware of the issue, and even replied in some threads on the WordPress.org help forum:

GoDaddy.com did send out a notification to customers affected by this issue. Although I know you would prefer not to be linked, I want to avoid flooding the forum. For a step-by-step guide to update WordPress, please visit http://fwd4.me/NGN

Alicia from GoDaddy.com

The link to their “step-by-step guide” to updating WordPress turns out to be nothing more than a link back to WordPress’ own guide to upgrading, and links on how to back up your stuff on GoDaddy. Decidedly not step-by-step imo, and in this case not all that helpful. If the reason your site gets hacked is due to you running an older, insecure version of WordPress, once that happens simply upgrading will not fix the issue. This seems to me to be a bit of a lame response to a serious issue coming from a company that bills itself as the “World’s largest Hosting Provider”.

GoDaddy keeps insisting that the problem is due to outdated WordPress installations, and that staying up to date and site security is the responsibility of the customer, not of GoDaddy. In one sense I completely agree with them. If you run an older version of WordPress that has known security holes in it (i.e. pretty much all versions aside from the most recent) then the odds are that you are going to get hacked. Most of the clients I cleaned from GoDaddy so far were up to date, running version 2.9.2, but this still didn’t mean that it was GoDaddy’s fault, since it is possible for a site to get hacked and no signs show up for months. This means that the sites I was cleaning could potentially have had the hack from an older version, and it only became apparent some time after they upgraded.

The problem is that after doing some very thorough clean up jobs (i.e. wipe and reinstall), and making sure the clients were up to date, all passwords changed, all image files verified as actual images, clean WordPress, clean theme, clean plugins, and hand cleaning the database, I had clients still getting re-hacked.

One client I had was having issues with funky characters in his posts. He would make the post, everything would be fine, and then the next day they would be converted in a way that would make them display as unicode. This was well after I had done my cleaning, and no one should have made any changes to the database since then. My assumption was that GoDaddy themselves were making changes, possibly security upgrades related to the recent hacking waves, and I figured that calling them to see what they had done would be the best bet. In preparation for this I went ahead and logged into the client’s account, and ftp’d into the server just to make sure everything looked like it was in place still. As soon as I did I saw that about 30 minutes before a brand new, non-WordPress, oddly named php file had been dropped into my client’s site.

I downloaded the file and looked at it. I suddenly realized that this was the source file for all of the hacks that were happening. It was named “plan_erich.php”, and had a similar eval(base64_decode( instruction at the top of the file. I modified the code to be able to decrypt it safely, and looked through the output (which you can view here). The script was designed to delete itself as soon as it ran:

$z=$_SERVER["SCRIPT_FILENAME"]; @unlink($z);

Finding this script before it was triggered and deleted itself was raw luck. Catching this file gave a great opportunity to actually track down how these hacks are occurring, and possibly would leave clues that GoDaddy could use to keep it from happening again. Looking at the owner/creator of the file, and matching that timestamp up with the various logs (ftp, ssh, http, mysql, etc) could give GoDaddy the information needed to figure out how the file really got there, instead of just guessing that WordPress was the issue. I have never seen a file like this before, and searching Google for the name yielded no results, so there really was no other information out there available on this. Finding it there was a little like hitting the lottery in that respect, random and very, very good luck.
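The correlation described above, sketched as an added example (not code from the original post or from GoDaddy): it finds PHP files whose first bytes contain the eval(base64_decode( loader and pulls every log line within a few minutes of each file's modification time. The file tree, IP addresses and log lines are constructed samples, and the xferlog timestamps are assumed to be UTC.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Loader signature the post describes at the top of the dropped file.
LOADER = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
# Apache access-log timestamp, e.g. [13/May/2010:09:29:12 +0000]
APACHE_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
# xferlog timestamp at the start of the line, e.g. "Thu May 13 09:30:58 2010 "
XFERLOG_TS = re.compile(r"^(\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) ")

# Constructed sample log lines (documentation IP ranges, hypothetical user name).
SAMPLE_LOGS = {
    "ftp": [
        "Thu May 13 02:14:10 2010 2 198.51.100.20 48211 /html/wp-content/uploads/photo.jpg b _ i r siteuser ftp 0 * c",
        "Thu May 13 09:30:58 2010 1 203.0.113.7 1834 /html/plan_erich.php b _ i r siteuser ftp 0 * c",
    ],
    "http": [
        '192.0.2.44 - - [13/May/2010:08:02:17 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
        '203.0.113.7 - - [13/May/2010:09:29:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    ],
}


def find_droppers(webroot, head_bytes=2048):
    """Return [(path, mtime_utc)] for .php files whose first bytes hold the loader."""
    hits = []
    for path in sorted(Path(webroot).rglob("*.php")):
        try:
            with open(path, "rb") as fh:
                head = fh.read(head_bytes)
            mtime = path.stat().st_mtime
        except OSError:
            continue  # unreadable entry or a directory named *.php
        if LOADER.search(head):
            hits.append((path, datetime.fromtimestamp(mtime, tz=timezone.utc)))
    return hits


def parse_ts(line):
    """Parse an Apache or xferlog timestamp; return an aware datetime or None."""
    m = APACHE_TS.search(line)
    if m:
        return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
    m = XFERLOG_TS.match(line)
    if m:
        # xferlog carries no zone; UTC is an assumption of this example.
        naive = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        return naive.replace(tzinfo=timezone.utc)
    return None


def correlate(mtime, logs, window=timedelta(minutes=5)):
    """Return time-sorted [(ts, source, line)] for log lines within window of mtime."""
    matches = []
    for source, lines in logs.items():
        for line in lines:
            ts = parse_ts(line)
            if ts is not None and abs(ts - mtime) <= window:
                matches.append((ts, source, line))
    return sorted(matches)


def demo():
    """Build a constructed web root, then report each suspect file with nearby log lines."""
    drop_time = datetime(2010, 5, 13, 9, 31, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text("<?php echo 'hello'; ?>\n")
        suspect = Path(root, "plan_erich.php")
        # Harmless stand-in payload: the base64 decodes to "echo 1;".
        suspect.write_text("<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n")
        os.utime(suspect, (drop_time.timestamp(), drop_time.timestamp()))
        report = []
        for path, mtime in find_droppers(root):
            events = [(src, line) for _, src, line in correlate(mtime, SAMPLE_LOGS)]
            report.append((path.name, mtime, events))
        return report


if __name__ == "__main__":
    for name, mtime, events in demo():
        print(f"{name} modified {mtime.isoformat()}")
        for source, line in events:
            print(f"  [{source}] {line}")
```

Modification times can be reset by whoever wrote the file, so a hit is a starting point to compare against the inode change time and the host's own logs.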

The problem, however, is that GoDaddy didn’t seem to care. I called and explained to the woman I spoke with exactly what it was that I found and how it could be useful. I told her that matching up that file to the logs could yield some potentially valuable information. She did listen carefully, and I am pretty sure she understood what I was saying, because she asked if she could put me on hold to go talk with someone who might know more. She came back and informed me that she didn’t have permission to look at those logs.

I explained again, in a little more detail, why looking at the section of those logs was very important, and if she didn’t have permission could she please escalate the ticket to someone who did. Again, she put me on hold. This time she came back and told me that they were uninterested in escalating it.

At this point I was a teensy bit amazed at GoDaddy’s lack of concern with the issue. She very kindly informed me that the issue was that the client was running an older version of WordPress, and that we needed to upgrade. Wtf? I went and looked, and made sure that he was indeed still running the 2.9.2 version that I had installed over a week ago (and remember, he was running that version before I ever did anything), and he was. I told her that. She told me that no, she was looking at what the hosting control panel said, and that he was running version 2.6.

That was when it struck me… GoDaddy was claiming that this wave of WordPress hacks was due to clients not upgrading without even bothering to really look at the clients’ sites. The hosting control panel can only report what was installed via the hosting control panel itself. If a client pushes the button to upgrade WordPress from within the WordPress admin section then the hosting control panel will never know.

As amazing as it seems, apparently the entire GoDaddy technical support team is ignorant of this fact. That’s right… the “World’s largest Hosting Provider” doesn’t understand the very basics of how the world’s largest blogging platform works.

Something, probably a hosting configuration, is allowing GoDaddy customers to have their sites hacked, and it isn’t file permissions, insecure passwords, or out of date software. Not being willing to even look when a developer calls to tell you that they found something is completely unacceptable. My suggestion to all GoDaddy hosting customers: bail now, before something happens to your site. This is not a WordPress issue only… although it seems to have targeted WordPress customers first, all sites that use php are at risk. Personally for shared hosting I recommend Hostgator, because I love their tech support (and their servers are very robust), but there are plenty of hosts out there to choose from (Disclosure: I changed the previous link to an affiliate link, although if you’d rather purchase hosting from them without giving me credit that’s fine too, here is a clean link for you: HostGator).

Bob Parsons, I am sorry. Hot chicks and a strong tits and ass marketing campaign do not make up for apathy in matters of client security and well being.

168 Responses to “Hosting With GoDaddy? Might Want To Rethink That Decision.”

  1. Randy Duermyer Says:

    This is an eye-opening post, but as you say, the hack is not limited to GoDaddy. I’m a reseller for them and have always been impressed with the prompt responsive service. However, I too received the security warning that I was using an outdated version of WP. The email message only had links direct to WP.org so it was very useless. I checked all of my own and my clients’ blogs and all have been updated, so I was wondering what was going on. Now I see what you mean – if you used their auto install to install WP in the first place, they have no idea you updated it – several times over. Thanks for solving that mystery.

    Personally, I’ve been involved with a number of hosting companies and have had issues with each and every one. I think it was a step in the right direction for GoDaddy to send out notices for those in need of upgrades, but they should have been sure of their information before doing so. It might have been more effective to send out a blast to all with WP installed to tell them to check to see which version they were running. If I’m not mistaken, Network Solutions (gag, gag) seemed to be the first target and I’m not aware they did anything, so something seems to be better than nothing, at least.

  2. James Svoboda Says:

    “Bob Parsons, I am sorry. Hot chicks and a strong…”

    Best (and most true) line I have read in quite some time.

    This makes me very glad I host elsewhere!

  3. Mark Fulton Says:

    I looked at the code; what do the references to the domains mean? I found: holasionweb.com and burhot33-td.net – Could this be the culprit’s website?

    Commend you for helping to keep WordPress users safe.

    Sad that GoDaddy is blowing this off.

  4. Ruth Says:

    Wow. I am SO glad that I just moved a couple people off there. I’ve had clients hacked at other hosts, but the fact that they aren’t even interested in what you’ve found & are assuming that people are upgrading using GoDaddy rather than manual (my choice) or the incredibly easy internal upgrader (probably what most of their clients are using)–that’s just nuts.

    Sure, not everyone upgrades. I’m planning to use this hack as a way to push a client up to 2.9.2 even though he’s been afraid to change stuff. But if it’s not just an old WordPress issue, they need to work on it. (I’ve heard of people w/other CMSes getting the same hack on GoDaddy.)

  5. George Feil Says:

    GoDaddy is the most incompetent hosting company I’ve ever dealt with. Years ago I signed up for a virtual instance with email and web server configured. Their default sendmail configuration allowed tens of thousands of spam emails to clog my storage and bring the machine to a standstill, and they goofed on my DNS configuration as well. After several frustrating days and no email service, I finally demanded a refund.

    I’ve had a much better experience with HostingRails.com (they support PHP, Perl, and Python too), and they provide excellent customer service. And for domain registration, Moniker.com offers excellent service at competitive prices. Don’t waste your time or money with GoDaddy!

  6. Jeremy L. Knauff Says:

    I have to say I generally love GoDaddy’s support, but their proprietary system is what stops us from hosting most clients w/ them.

  7. Martypants Says:

    Great post Michael, really pointing out the way GoDaddy operates – with apathy toward anything that is not profit-inducing, I have found another thing they do, which I ranted about a while ago here: http://www.articulayers.com/20.....t-godaddy/
    Basically, if you don’t force a canonical redirect, they will take one of the domains and put a targeted PPC campaign on it. Not parked domains mind you – live sites. Shameless charlatans, IMHO.
    Your post here amazed me though – their voiced response of being “uninterested” in pursuing it just boggles the mind.

  8. Tia Says:

    For two years I’ve been insisting that clients do NOT host their WordPress sites with GoDaddy. They had issues beyond security – around databases being configured improperly with their “auto” setup.

    Truthfully, though, this week has seen issues in a lot of hosts – including my favorite, BlueHost. So, at the moment I hate them all. But, gotta host somewhere, right!?

  9. Andrea_R Says:

    Thank you so much for writing this. I have none of my own sites on GoDaddy, although I am guilty of using them just for domains. I’m gonna put my money where my mouth is and move them.

    This is just completely irresponsible of them. I deal with *many* clients wondering what’s going on, and them saying “it’s wordpress” not only passes the buck but ultimately doesn’t fix anything. Clearly, there’s a preponderance of evidence at this point – not just this post, but dozens now – highlighting that it’s definitely not WordPress and it’s very likely the setup at GD.

    You’re the second person I’ve heard of today that has tracked it down, has the proof and they’ve flat-out ignored them.

  10. Michael VanDeMar Says:

    @Tia – you are right, you do have to host somewhere. And to be fair it is very possible that the same issue affecting GoDaddy is affecting other hosts as well, and the reason we don’t see more complaints from other hosts is because they simply aren’t as large. However, with the number of sites hosted with them, and the incredibly huge amount of money and resources GoDaddy could throw at this problem if they so desired, the fact that they are uninterested in trying to fix it makes them far worse than other hosts out there. They should be the leader, not a firm that simply sits by and points fingers.

  11. Ryan Beale Says:

    My site is currently hosted with Godaddy and it took me 5 days to fix the hack. The Godaddy tech support person sounded like he was high when I was on the phone with him and he had no clue what was going on. He kept asking if I had upgraded to WP 2.9.2 (I kept saying, yes and I am diligent about upgrading immediately).

    Brutal. I need to switch web hosts.

  12. Ryan Beale Says:

    Oh, and in the Thesis Theme Forum, the wonderful Shannon pointed me to This Article to help fix the godaddy hack issue and it worked like a charm :) http://blog.sucuri.net/2010/05.....atest.html

  13. Shashi Bellamkonda Says:

    Hi Michael,

    I work for Network Solutions. I wanted to respond to Randy Duermyer’s post in which he mentions Network Solutions and claims that we did not do anything to respond to the recent attempts to hack our system. On the contrary, we have devoted numerous resources of our own and obtained assistance from the community and other organizations to help our customers. Among many of the extraordinary steps that we have taken, Network Solutions’ customers were provided a scanner to check their websites for hidden malware. We have also been open in our communications on our blog that you linked to in your post so that people and, importantly, our customers can gather information about this issue.

    Our goal is to help the customers get on with focusing on the success of their businesses and we continue to concentrate our efforts on making it right for them.

    Thanks,

    Shashi

  14. Gil Reich Says:

    Nice post. We just went through this very ordeal, which hit 4 WordPress and 2 MediaWiki installations. GoDaddy wasn’t particularly helpful.

  15. Jane Stenson Says:

    GoDaddy is essentially a marketing company, not a technical company. I don’t think they care about providing good service or really care about technical issues until it impacts their bottom-line. This is the perception of them I’ve gained from years of having to work with them to help support various clients. Personally I think they need to do a better job with security, especially right now with http://www.dirtyphonebook.com and others posting so many personal details about people. If GoDaddy doesn’t do more of a good job to protect their customers’ sites and especially privileged client data, I doubt it’ll be long before we see some kind of massive privacy leak that will damage their business and NO AMOUNT of scantily clad cheerleader Super Bowl ads will cure this perception if they don’t move to fix this.

  16. Michael VanDeMar Says:

    Shashi, you are correct, you eventually did start digging deeper and even went so far as asking for help from the WordPress community, which is something that many companies would not be willing to do publicly, and that is definitely points in your favor. However, you guys did initially try and blame the hacks on the way WordPress itself was written, which did spark a bit of controversy and negative attention to the issue.

    Have you guys gotten anywhere on finding the root of the issue? This really doesn’t seem to be host specific, although there are certain hosts that it does not seem to be affecting yet. Have you tried sharing information with any of them?

  17. Introducing WP TurnKey Migration Services! » WP TurnKey Says:

    [...] some web hosts, such as GoDaddy, are proving that they simply don’t care. Even when enterprising developers find physical evidence of the previously unseen malware, and [...]

  18. Jason Coward Says:

    Does anyone know if GoDaddy and/or any of these other hosts are running PHP with either an suExec solution, or if not, with open_basedir restrictions? If neither of those are being used by your host, it would be in your best interest to leave immediately and find one that does. Any files writable by the webserver on a shared hosting account not using these techniques is vulnerable from any other account on the same machine. I’d bet anything that is what is going on…
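An added example, not part of the comment above: a small audit for the exposure it describes, listing entries in a web root that a shared web-server account could write to because the group or other write bit is set. It assumes PHP runs as a user other than the file owner (no suExec), and the directory tree it checks is a constructed sample.

```python
import os
import stat
import tempfile
from pathlib import Path

# File types where a write means code execution on the next request
# (the suffix and name lists are assumptions of this example).
CODE_SUFFIXES = {".php", ".phtml", ".inc"}
CODE_NAMES = {".htaccess", "php.ini"}


def classify(path, mode):
    """'dir' = new files can be dropped here, 'code' = executable content, else 'data'."""
    if stat.S_ISDIR(mode):
        return "dir"
    if path.suffix.lower() in CODE_SUFFIXES or path.name in CODE_NAMES:
        return "code"
    return "data"


def audit_writable(webroot):
    """Return sorted [(relative_path, 'world'|'group', kind)] for non-owner-writable entries."""
    root = Path(webroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = Path(dirpath, name)
            st = path.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink permission bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                who = "world"
            elif st.st_mode & stat.S_IWGRP:
                who = "group"
            else:
                continue
            rel = path.relative_to(root).as_posix()
            findings.append((rel, who, classify(path, st.st_mode)))
    return sorted(findings)


def demo():
    """Audit a constructed tree with a mix of tight and loose permissions."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "index.php": 0o644,          # owner-only write: not reported
            "wp-config.php": 0o666,      # world-writable code
            "uploads": 0o777,            # world-writable directory
            "uploads/photo.jpg": 0o664,  # group-writable data
            "cache": 0o775,              # group-writable directory
        }
        for rel, mode in layout.items():
            path = Path(root, rel)
            if "." in path.name:
                path.write_text("sample\n")
            else:
                path.mkdir()
            os.chmod(path, mode)
        return audit_writable(root)


if __name__ == "__main__":
    for rel, who, kind in demo():
        print(f"{who:5} {kind:4} {rel}")
```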

  19. Michelle L Devon (Michy) Says:

    I’m with GoDaddy, with multiple sites, and two of my sites and two of my blogs were hit. Both blogs were WordPress. See, GoDaddy says to have the most recent upgrade, but they are weeks, sometimes months late putting that on their auto-installer. I never use it, because I update the minute WordPress tells me there’s a new release. I KNOW both my blogs were current.

    But the other two sites that were hit were Drupal backbones. I tried to follow their instructions to roll the site back in the history to a date prior to the infection and the first time, it worked like a charm. Then, I did all the upgrades, made sure it was the most current version, and everything was fine. The next morning, I was reinfected with the scareware script/redirect links. This time, I couldn’t roll it back, because for some reason, the database wouldn’t connect when I did. I got frustrated and wiped the whole damned thing out, and put a brand new, fresh install of Drupal and manually copied and pasted all my content (quite a chore for a seven year old site, let me tell you) and I knew I was current and clean – and then I went in and changed all my passwords to really difficult ones, including the FTP remote access, the hosting access, and the database passwords.

    I got reinfected. Third time. My site is now down, and this is what GoDaddy’s tech support sent me:

    “Thank you for contacting Online Support.

    Unfortunately at this time, I do not have specific details on you current infection of how to completely resolve it. Please understand that we have limited support on virus attacks. You may want to make sure ALL files that were modified are changed, .php, .php.ini, and anything else regardless of file extension. It seems as if something still remained in the site even after the restore.

    Please let us know if we can assist you in any other way.”

    …..

    Limited support… sigh.

    I am on grid hosting with them, and they claim it affected less than 5% of their entire network – but FOUR of my sites were hit (well, two and two blog subdomains), and all four were hosting on the same grid.

    I don’t mind that it happened – it sucks, but that’s part of the game, but this obvious lack of concern or interest in it, and them telling me this is MY fault when I know it’s not and the two days of downtime, lost revenue, and lost time for me and my tech guys having to fix this ourselves…. well, I’m not a happy customer, yanno?

    Thanks for letting me vent. GoDaddy’s own site about this issue hasn’t approved my comments that are held in moderation and they limit to 100 words. Thanks for letting me share my experience.

    Michy

  20. Steve Says:

    I have been a Network Solutions shared hosting customer since February. This is my first venture in developing a WordPress media platform. We were hacked on the 18th and 23rd and stopped dead in our tracks.

    As frustrating and exhausting as this has been I will go on record now and say that Network Solutions went ALL OUT to help customers and still are going all out to help customers. Not once did any NS representative suggest I would have to pay for anything or accuse me of being negligent. They were helpful, cool, polite, and fast under ultra intense pressure and GOT IT DONE. There are still a few minor inconveniences occasionally as NS continues to tighten things up. No problem. Whatever it takes.

    Do I regret my decision to go with NS? The answer is no I do not regret it.

  21. Shahar Says:

    Nice catch on plan_erich.php mine was tiphany_enemy.php – more info here.

  22. Galen Says:

    I had this happen on multiple personal accounts with Dreamhost. The hackers left a slough of those encrypted files – but each had a different name.

    Dreamhost was super nice about helping me though – quick turnaround – and they scanned and found 3 files I had missed.

  23. Kray Says:

    All I have to say is I’m not surprised. GoDaddy support is horrible at best. I agree that HostGator is the way to go.

  24. Daniel Tunkelang Says:

    I host my WordPress blog on GoDaddy and have suffered two PHP injection attacks in the past six months. I am religious about keeping my WordPress installation up to date, and I use only a bare minimum of plug-ins (Akismet, Subscribe Remind, Subscribe To Comments).

    Fortunately, I cleaned each of them up quickly (by getting rid of the obfuscated eval block inserted into each of my PHP files), and, to the best of my knowledge, there was no harm caused to my readers.

    Still, I’m curious if anyone knows whether the vulnerability is because of GoDaddy or WordPress itself. I like the flexibility of running my own installation, but another incident like this and I’ll be tempted to move off of self-hosting.

  25. Mike Chawla Says:

    My sites once got hacked and turned into phishing sites of some finance institutions. I didn’t know all this until I received an E-mail from my hosting provider. They claimed that all my WordPress installations on the shared server are out of date. I updated them all after they helped me deleting all the phishing-related files and never again I got the same kind of E-mail notification.

    The hosting provider was HostGator and I’m still using their service.

  26. strebel Says:

    We engaged Firehost.com to manage all our infrastructure on page.ly for this reason right here. They have the skill and the hardware to prevent these sorts of things before they even start.

    We pay 5x what we would somewhere else.. but I can sleep at night, and our WordPress hosting customers gain the added security benefit we are paying for.

    The race to the bottom on pricing that the econo-hosts have been running is biting them and their clients in the ass.

  27. CL Says:

    Yeah my site was hacked like this twice, just before I was planning to leave Godaddy hosting anyway. (I just changed to a different host today!) I never installed WordPress or any other CMS system, just a few small php files I wrote myself, they didn’t even allow file uploads or anything like that. I checked the Apache log and in the second attack the file was called couple_peria.php. But it was already deleted by the time I checked FTP to look at it. I scanned every line of the apache log for that day and it looks like there’s no way the file was uploaded thru the web server (I would be very surprised if WordPress has anything to do with this AT ALL). Someone must be doing it thru FTP or SSH or something else.

  28. Maria Allen Says:

    I didn’t know about the problems at Go Daddy and Network Solutions until yesterday when I started getting malware complaints from my customers. My hosting company, Network Solutions, ran some sort of test on my site when I called them this morning, and while acknowledging problems with hackers, pronounced my site “clean”. However, this afternoon, customers were still getting malware warnings.

    I don’t know code but by comparing the local and remote sites even I was able to find the malicious code on the index page and a script file that redirects users to a malicious site, so I can’t say that I’m impressed with the help I received from the folks at Network Solutions, especially since it turns out that the malicious code on my site was just like the code found on the U.S. Treasury and hundreds of other sites a few weeks ago. I am also not comforted by this Russian Youtube video http://www.youtube.com/watch?v=nabz7t65eUM which claims to show someone in the process of hacking Network Solution websites.

  29. Tanya Stambolic Says:

    Give Hover a try
    https://www.hover.com/

  30. Doc Campbell Says:

    Great piece, Michael, and a nice piece of sleuthing, too!
    That GoDaddy refused to accept responsibility as hoster for even basic troubleshooting comes as no surprise. As Jane Stenson said, they are a marketing company, not a technical company. The fact of the matter is (IMHO), the vast majority of the people that would even consider hosting with them, probably don’t know enough about how things work, to be able to recognize GoDaddy’s fail. I have registered domains with them, but I’d rather go back to smoke signals than use them as a host… I’ve heard far too many horror stories.

  31. thinol Says:

    I am not sure if it can help in this case precisely, but I believe it does, they are small scripts to test the presence of intruders on a site: http://www.scriptol.com/scripts/script-checker.php compares the code of WordPress online and the true version that you put on a local directory and http://www.scriptol.com/scripts/botlane.php check the change on the files on the site.

  32. Geordy Rostad Says:

    I’ve been using Hostgator for over a year now and I have to say they are excellent. When a friend first uttered the name “gator” I was a little worried but I have to say I haven’t had a bit of problem with their servers or the support.

  33. Saib Says:

    I have 2 sites hosted on Godaddy. Malware was injected into both sites on May 1 and May 12. Yes, if it is a custom built site, Godaddy customer support just says someone might have got your password, and that this is the customer’s problem and they can’t help in this matter. Unfortunately they don’t have enough help information on how to prevent this. Planning to leave Godaddy.

  34. Phil Says:

    My site on Godaddy was hacked too. I’m not using WP. It’s only pure PHP coding. In fact a few years ago, I turned my HTML pages into PHP only to use a few PHP functions, mostly the ‘include’ one.

    The hack happened also last January. At that time, I thought it was my fault: I turned on “magic_quotes_gpc”. I read also it wasn’t a good idea to include file via http (allow_url_include = On) so I changed that too.

    But the hack happened again on May 12th.
    Lucky for me: yesterday, I was able to change my ftp pwd and upload an .htaccess file to put my site offline.

    But today, I wanted to re-upload my site. Unfortunately, I forgot my new ftp pwd, so I changed it again. Then, no more ftp access via filezilla or even with their ‘file manager’. Oh, it says the pwd change can take up to 30 minutes… Why? Anyway, I waited 1 hour before calling their tech support. They told me they were aware there was a problem with the ‘file manager’. Regarding my ftp pwd, they told me to wait until noon PST… in 10 hours for me…

    I’m glad my hosting plan is expiring in July.

  35. The Latest Malware Malfeasance | Ipstenu.Org Says:

    [...] you’re on GoDaddy, LEAVE. GoDaddy Doesn’t Give A Damn, or at least they’re acting like they don’t. A user found the code used to inject [...]

  36. Alex Sysoef Says:

    Thanks for the great analysis. I always recommended my customers to stay away from GoDaddy, although for different reason, now it only solidifies my recommendation.

    Scary how easily large installs like this are penetrated and then ignored by those who are supposed to help end users protect it.

  37. Clive at BlogBriefing.com Says:

    Fortunately I only use Godaddy as a registrar service but my 2 cents is this anyway: When using a shared server with a 1000 + other web site owners there’s bound to be at least one that has an outdated no security WP installation.

    My info (conjecture) is that using that vulnerable site the script was able to get FTP access from the server for all the other domains, then it could start specifically targeting php based installs (of which WP is obviously the largest).

    To me that would explain the re-infections even after the sites had been thoroughly cleaned by owners clued up enough to do that.

    Doesn’t matter how up to date your WP install, or built in security is if a hacker or his script has gained FTP access to your site.

    My host (Heart UK) features a FTP lockdown feature that disallows any FTP access unless the site is ‘unlocked’ for a set period of time or IP address and that sounds like it might be an idea other hosts should apply if they don’t already.

    So that, and my recently following the 30 security measures for WordPress as espoused in WordPress Defender http://www.blogbriefing.com/wordpress-security/ will, I hope, keep my sites secure. Or pay out for a dedicated server – a bit out of my reach.

  38. Michael VanDeMar Says:

    @Clive – I am pretty sure that if a server is running some sort of properly configured suexec solution, where each user is prevented from accessing the home directory of another user, then being on a shared host is fine since each virtual host can only access files on their specific directory. I know that HostGator switched to that solution a couple years back, and as far as I can tell, so far they are not one of the ones being affected by this.

  39. Lillicotch.com » Problems With GoDaddy Hosting Says:

    [...] Hosting With GoDaddy? Might Want To Rethink That Decision Comments (0) [...]

  40. Andy Stratton Says:

    Latest post on my site have soft fixes for this, but it’s not all encompassing, just quick for PHP files.

    New posting coming soon with more updates and thoughts. Just found this exploit happening on a BlueHost.com hosting account. Reading deeper into what it’s actually doing.

    I agree, you need to make sure all image files ARE image files and the only files on the server are YOUR files. This is kind of a nightmare, but hopefully the power of community (WordPress, PHP, geeks) can overcome.

    More to come, great post @Michael – and though I’m widening the provider that’s fallen prey to this, GoDaddy is still the Walmart of Web Hosting and I avoid them like… well, Walmart.

  41. Page.ly Free Site For Life Giveaway Contest | Theme Lab Says:

    [...] all the hacks going around infecting WordPress sites with malware on certain hosts, it is very important you choose a host that takes security seriously. With Page.ly signing a deal [...]

  42. Riccardo Says:

    Same thing happened in Italy to a lot of wordpress sites hosted by Aruba (an Italian provider).
    They answered the hacking was due to an old version of wordpress.
    Same story…

  43. sean Says:

    I used to work in hosting at Godaddy. While it is true that the average first tier support knows nothing and is generally useless, I believe that if you get escalated to the correct people or sadly rant enough on twitter, you will find that the engineers and people working directly on the products do care. Unfortunately the company is so large that getting the correct level of support and filtering the noise is difficult. It was definitely hard to work for a company and see posts like this when you know that the engineers are working hard long hours trying to fix issues and deliver the best product they can. Of course management and corporate aren’t always as supportive.

  44. Michael VanDeMar Says:

    @sean – I am sure that there are at least some tech staff who are at least somewhat knowledgeable, but here’s the thing… 99.9% of customers would not even think to ask for a ticket to be escalated, period. I was very specific in my wording, and very careful in describing why. To ask a 1st tier tech to please escalate the ticket, be put on hold, and have them go put in the request, and have them come back and tell me that they were not interested in escalating it…?

    I am sorry. There is no damn excuse for that.

  45. fjpoblam Says:

    I hosted with network solutions for many years and, yes, they were very good. But I’m not a rich man. I’ll second your vote for hostgator. They’re on top of things. (Watch out for asmallorange, too: I have acquaintances who’ve had bad experience with both them and godaddy. Grrr. Know thy host. See webhostingtalk dot com for reviews of hosts.)

  46. sean Says:

    I completely agree Michael. There is a reason I’m an ex-employee after years of hard work and seemingly little to no movement from management for change despite promises, I moved on when a move to management was the only choice for career advancement. There simply isn’t a strong technical development path at Godaddy where good enough is spoken far too often. I heard Parsons put it best at one of our developer events, Godaddy is the walmart of hosting.

  47. Todd Redfoot Says:

    Early into our investigation, Go Daddy noticed a majority of exploited websites were all running WordPress. After feedback from customers, more attacks and more in-depth analysis, we modified our statement to specify the attacks targeted numerous PHP-based applications, which included WordPress.

    Go Daddy has taken a number of steps to gather information from our customers and the industry in order to help with this issue. We have 24×7 Security Operations, Network Operations and Abuse, ready to investigate any complaint which is sent at any time.

    Transparency is a core value at Go Daddy. We intend to continue our commitment to communications. There are times, however, when revealing too much, such as specific code from the attack, helps the criminals causing the problem.

    We are aggressively collecting data to see how the attack is maturing and to discover ways we can help prevent our customers from being impacted and shut down ‘the bad guys’ altogether. Go Daddy is the world’s largest hosting provider in the world. As the leader, we are working with industry security experts and other top hosting providers.

    As part of our investigation, Go Daddy is encouraging customer input about their related website issues, which is why we set up a special questionnaire http://www.GoDaddy.com/securityissue.

    Look for further updates from Go Daddy on this topic, at http://Community.GoDaddy.com/Support.

    - Todd Redfoot, Go Daddy Chief Information Security Officer

  48. Clive at BlogBriefing.com Says:

    Hallelujah! Do you realize @Todd Redfoot that this is the first pro-active response that anybody, certainly me!, has seen from GoDaddy on this? And I’m participating on a number of threads on this throughout the web.

    Without wanting to apportion blame ( let’s sort out the issues first) have you alerted your first tier Support people to take a tad more seriously any support queries coming in to your Support Center raising these issues?

    Let’s be frank. The comments here are not a great endorsement of your company’s Support ethos. Sure I understand that you have been wrong-footed on this, support wise, so are you ‘on the ball’ now?

    Bearing in mind that the folks here are pretty clued up and your average customer, I suspect, is not, how about an ongoing update page somewhere?

    I take the point about alerting the hackers to the sanctions that you are putting in place – but that said the, up until now, deafening silence from GD needs to be addressed.

  49. GoDaddy’s Suggestion For The Cause Of Their Hacks And Their Community Blog – Can You Smell The Irony? | Smackdown! Says:

    [...] I blogged about the hacking situation with GoDaddy hosting and a customer service call I had with them concerning some evidence I had found. While it is true [...]

  50. Will Says:

    I’ve an idea. Everyone hosting with GoDaddy, get up and leave. Now.

    This could be the great month of exodus. A month where everyone collectively leaves Facebook and GoDaddy. It’s a month of healing.

  51. Steve Greenstein Says:

    This is not a GoDaddy or WordPress problem. I have never used PHP on the web site I’ve built, and currently have only 1 site using WordPress (I recently took over this site for a makeover). The other 55 web sites I have created for my clients are either in HTML, ASP or ASP.net and spread over 11 different web hosting companies. Most of these sites have been hit in the last 2 weeks, with some being hit 3 times. Lighten up on GoDaddy. They’re not the best, but there are much worse hosting firms out there.

  52. Greg Says:

    I had 12 affected websites, all at GoDaddy. All of my sites at other hosting providers (such as HostGator) were fine. I did network/Linux security at IBM for 8 years and decided to research this exploit a little on my own since I was getting no help….

    I contacted 1st tier support to let them know my findings (including the fact that a fresh install of WP2.9.2 was compromised without a single plugin activated, with strong passwords, and proper file permissions) and I was treated just as any other idiot user without a clue. I was told to simply remove all files and re-install WordPress (again). The problem obviously was originating server-side or from the control-panel.

    I helped clean up IBM back during CodeRed, CodeBlue, and SQL Slammer back in the days, so I know how hard it is for a big entity to respond to something like this. However, there seemed to be more than a fair share of “ostrich-ing” going on at GoDaddy when this first hit. I don’t want to see them go down in flames or be endlessly slandered – I just want some damn help so that I don’t lose my livelihood! My hands are tied.

    Enough corporate doublespeak, let’s just get this thing fixed.

  53. Shashi Bellamkonda Says:

    Hi Michael,

    Stopped by to answer your questions. Network Solutions tech folks are in touch with other hosting companies and the hope is that we can all cooperate and exchange info during times like this. We also sought the help of stopbadware.org. To help Network Solutions customers we partnered with Sucuri.net to provide a scanner to check for malware and for any search engine malware status.

    @Maria Allen Please feel free to contact me shashib at network solutions if you still need help. We have a dedicated team for customers affected by this issue and would like to know more if the issue is unresolved.

    Thanks,

    Shashi

  54. Vox Pop Design – Wunderkammer, May 14th, 2010 Says:

    [...] GoDaddy Misdiagnoses Platform-wide Exploits – Under Vox Pop Design I manage a number of “experiments”. These are websites that require a degree of time investment but are invaluable from a learning perspective. Because of their limited scope I usually just host these with GoDaddy for the low price. No more. About a month ago I noticed that a Pligg-based site had been compromised and was serving malware to unsuspecting visitors. Some frantic password changing, site scrubbing, and contact with GoDaddy later things were restored but with a stern accusation that I had not kept my software up to date. That was a bullcrap excuse but I kept quiet; I was just glad to have things back up. Another two weeks and the site was compromised again. After some research I learned it wasn’t just me – apparently a good portion of all GoDaddy’s hosted sites using PHP (including WordPress, Joomla, Pligg, etc) were repeatedly being infected despite otherwise diligent maintenance and security. The base64 style infections, including hacks named holasionweb, Cechirecom, and Ninoplas, continue and suggest a misconfiguration on GoDaddy’s servers. GoDaddy’s response? GoDaddy maintains users simply need to “update their WordPress software”. Meanwhile, Bob Parsons (GoDaddy’s founder) is scheming up his next multi-million dollar softcore Superbowl commercial. [...]

  55. SearchCap: The Day In Search, May 14, 2010 Says:

    [...] Hosting With GoDaddy? Might Want To Rethink That Decision., Smackdown! [...]

  56. Writer Says:

    Brings to mind when I had one, then two clients whose sites were not being crawled all of a sudden. It was clear the GoDaddy server was disallowing the Google crawler. GoDaddy told me to “call Google.” It got much, much worse. … Long story short, both sites were back to a robust crawl within a day of leaving GD and being hosted on Gator.

  57. The CyberJungle Says:

    Well done Michael VanDeMar, and great comments….An analysis of this story will be featured on The CyberJungle radio program. The CyberJungle is the only live newstalk program on data security, privacy, and the law. Listen live Sat 10a-noon PT / 1p-3p ET on http://www.KKOH.com . Podcasts anytime on http://www.TheCyberJungle.com . Podcast edition of the program will post on Sunday.

  58. Elizabeth Able Says:

    Smug, ignorant web host tech support is evil. In a fair world, they’d react as if they’re personally liable.

  59. Andy Smalley Says:

    I’ve been involved with the community @ iThemes that have experienced the same mishaps with GoDaddy…. They’ve got a great tool anyone can use to evaluate hosting and servers, and would highly recommend the plugin. It’s called ServerBuddy, and can be found @ pluginbuddy.com. Also need to give them a shout of praise for the BackUp Buddy program….one click backup & migration plugin for WordPress… It’s AWESOME, and easy fix if you need to change hosting.

  60. May 15, 2010 – Episode 137 « Says:

    [...] him on the head and tells him to go away. This happens with surprising regularity. In this case, Smackdown blogger Michael VanDeMar writes about a spate of hacks to blogs hosted by [...]

  61. Hobo Says:

    You. Brilliant. Them. Ignorant. What a f*&^ up well outed.

  62. Manish Kumar Says:

    Michael, you are perfectly right. I am a web developer and am working on a site for one of my clients. The site is in Joomla 1.5 and hosted with GoDaddy. The site was injected with Malicious code on 11th May 2010. On calling GoDaddy, they redirected us to following URL:
    http://help.godaddy.com/article/5612?
    and as mentioned there, I cleaned up all the code and changed all the passwords and site worked fine. But somehow the problem came again today. I did some debugging and found that at the bottom of my site a script was being added from following URL at the bottom of the page:
    http://holasionweb.com/oo.php
    Please no one try to visit this URL as this will inject virus to your system.
    This is the same URL as you have mentioned in the plan_erich_php.php file. So it proves that your finding is perfectly right.
    I will again upload the clean code and will do joomla upgrade. But I just wonder if this is enough.

  63. manny Says:

    I used to use godaddy. their hosting is slow … and so confusing just like their domain service. They should really consider renaming themselves to gorandpa.

    i changed myself to http://fathive.com. everything is great since then.

  64. D B Says:

    I checked my server logs and can see a large number of attacks looking for the web links as listed below. The user agent (forged) is Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html)

    So my best guess is that if you have PHP on your server and have any one of the following, you’re at risk.

    /administrator/index.php
    /joomla/administrator/index.php
    /site/administrator/index.php
    /cms/administrator/index.php
    /content/administrator/index.php
    /home/administrator/index.php
    /main/administrator/index.php
    /portal/administrator/index.php
    /web/administrator/index.php
    /v1/administrator/index.php
    /v2/administrator/index.php
    /j/administrator/index.php
    /en/administrator/index.php
    /joom/administrator/index.php
    /Joomla/administrator/index.php
    /joomla1.5/administrator/index.php
    /joomla15/administrator/index.php
    /joomla2/administrator/index.php
    /joomla1/administrator/index.php
    /Site/administrator/index.php
    /site_old/administrator/index.php
    /Site_old/administrator/index.php
    /cms_old/administrator/index.php
    /joomla_old/administrator/index.php
    /CMS/administrator/index.php
    /test/administrator/index.php
    /backup/administrator/index.php
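
A defender-side check for the pattern this comment describes, added here as an example and not part of the original comment: it reads W3C extended log lines (an assumption based on the `+`-separated user agent), flags clients that request several `*/administrator/index.php` variants, and tests a Googlebot claim with the reverse-then-forward DNS lookup Google documents. The sample log, field list, IP addresses and function names are constructed for illustration.

```python
import re
import socket
from collections import defaultdict

GOOGLEBOT_UA = "Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0+(Windows;+U;+Windows+NT+6.1)+Firefox/3.6"

# Constructed sample rows (documentation-range IPs), not the commenter's logs.
_ROWS = [
    ("03:12:01", "/administrator/index.php", "203.0.113.7", GOOGLEBOT_UA, 404),
    ("03:12:01", "/joomla/administrator/index.php", "203.0.113.7", GOOGLEBOT_UA, 404),
    ("03:12:02", "/cms/administrator/index.php", "203.0.113.7", GOOGLEBOT_UA, 404),
    ("03:12:02", "/site_old/administrator/index.php", "203.0.113.7", GOOGLEBOT_UA, 404),
    ("03:15:40", "/index.php", "192.0.2.10", GOOGLEBOT_UA, 200),
    ("03:20:11", "/administrator/index.php", "198.51.100.20", BROWSER_UA, 200),
]
SAMPLE_LOG = (
    "#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status\n"
    + "\n".join(f"2010-05-16 {t} GET {p} {ip} {ua} {st}" for t, p, ip, ua, st in _ROWS)
)

# An optional single leading directory followed by /administrator/index.php,
# which covers every path in the list above.
ADMIN_PROBE = re.compile(r"^(?:/[^/]+)?/administrator/index\.php$", re.IGNORECASE)


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def is_verified_googlebot(ip, reverse=socket.gethostbyaddr,
                          forward=socket.gethostbyname_ex):
    """Reverse-resolve the IP, check the domain, then confirm with a forward lookup."""
    try:
        host = reverse(ip)[0]
        if not host.endswith((".googlebot.com", ".google.com")):
            return False
        return ip in forward(host)[2]
    except OSError:  # covers socket.herror and socket.gaierror
        return False


def find_probers(log_text, min_paths=3, verify=is_verified_googlebot):
    """Return clients that requested at least min_paths distinct admin paths."""
    clients = defaultdict(lambda: {"paths": set(), "misses": 0, "claims": False})
    for row in parse_w3c(log_text):
        if not ADMIN_PROBE.match(row["cs-uri-stem"]):
            continue
        client = clients[row["c-ip"]]
        client["paths"].add(row["cs-uri-stem"])
        client["misses"] += row["sc-status"] == "404"
        client["claims"] |= "googlebot" in row["cs(User-Agent)"].lower()
    findings = []
    for ip in sorted(clients):
        client = clients[ip]
        if len(client["paths"]) >= min_paths:
            findings.append({
                "ip": ip,
                "distinct_admin_paths": len(client["paths"]),
                "not_found": client["misses"],
                # A Googlebot user agent that fails DNS verification is forged.
                "forged_googlebot": client["claims"] and not verify(ip),
            })
    return findings


if __name__ == "__main__":
    for finding in find_probers(SAMPLE_LOG):
        print(finding)
```

A single request for one admin path is normal for a site that runs Joomla; the signal is one client walking many directory variants, mostly to 404s, under a crawler identity that does not verify.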

  65. Kris Says:

    My blog was hacked several times as well. I wiped it clean and tried a fresh install, and was hacked several days later. I had been running the latest version of WP, and had some security measures in place. After spending countless hours I finally emailed GoDaddy tech support to see if they could offer me any direction in fixing the virus. I got a response stating they looked at my site and found several php files that were infected, and deleted them as a courtesy. I logged into my dashboard, and everything was back to normal, but when I clicked on a previous post, it was gone. In fact, all my posts are gone. I emailed them back and told them my posts were deleted. Their response to this??? Sorry, we don’t offer support on WordPress, and they literally typed out http://www.wordpress.org and told me to look there. I can’t believe that I have to think about moving all my sites as well as all my clients’ sites away from GoDaddy. I just asked for help to do it myself, never pointed my finger or anything. I have recommended them so many, many times in the past…and just did again. Thank God the company hasn’t switched yet. It was a toss about between Network Solutions, and HostGator…I’ll be investigating both.

    It’s a shame GoDaddy got big and started to treat their customers like this. I really liked working with them in the past.

  66. Dan Says:

    I got WordPress hacked, but I was using Dreamhost. It was an unpleasant experience to say the least — almost made me long for the days when I updated my blog and rss feed by hand, using a text editor (a long time ago).

  67. Nick Armstrong Says:

    I can attest to the fact that GoDaddy is getting hit fiercely and nothing on the user-end can fix it.

    Most of my 18 GoDaddy-hosted WordPress installations were up to date. I’d even updated my .htaccess file to be EXCEEDINGLY restrictive about external points of entry.

    I had 18 domains running WordPress on the same account (I’m a prolific blogger). Each one hit. All of my clients… also hit with a bit of injected PHP – leaving a bit of encrypted javascript iframes or something at the top of each .PHP file. This is the third time in two months that it’s happened (one site even got hit RIGHT AFTER I cleaned it off).

    I contacted support with the issue, they seemed to have no idea what I was talking about. I told them (having received their “Make sure you upgrade WordPress today!” warning and had several clients forward theirs) that the installations WERE up to date.

    GoDaddy Rep: “Oh, well, you can go ahead and ignore that warning.”
    Me: “Sure, but I’ve still been hit and have no more options on my end. WTF, man?”

    The best thing I can think of right now is to:
    1) have a clean, offline backup of all your plugins, your theme files, and your config file.
    2) when you get hit, just download a clean copy of WordPress and upload it, replacing files only where the size is different (a massive chunk of encrypted php accounts for about 2-5kb, btw.)
    3) upload your clean version of your plugins, your theme, and your config file, and you should be good to go.

    If you’re still noticing your site acting wonky, it’s likely there’s an infected file sitting somewhere with that block of junk at the top.

    What a bunch of jokers GoDaddy… Help us to fix the problem, don’t pretend like it’s our fault. Not all of your customers are so easily distracted by the GoDaddy Girls.

    -Nick Armstrong
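
The comparison step in this comment, as an added example that is not the commenter's own script: it goes beyond a size comparison by hashing every live file against the clean offline copy, and it also flags PHP files whose first bytes contain an `eval(base64_decode(` call. That marker pattern, the directory layout and all file names (including the hypothetical `gallery_tmp.php`) are assumptions, and the demo trees are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed marker: an eval(base64_decode( call near the top of a PHP file.
INJECTED_HEAD = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
HEAD_BYTES = 8192  # the comment puts the injected block at roughly 2-5 KB


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def audit(clean_root, live_root):
    """Compare a live tree with a clean baseline and flag injected PHP heads."""
    clean, live = manifest(clean_root), manifest(live_root)
    report = {"modified": [], "unexpected": [], "missing": [], "injected_head": []}
    for rel, digest in live.items():
        if rel not in clean:
            report["unexpected"].append(rel)   # not in the backup at all
        elif clean[rel] != digest:
            report["modified"].append(rel)     # caught even when size is unchanged
        if rel.lower().endswith(".php"):
            with open(Path(live_root) / rel, "rb") as fh:
                if INJECTED_HEAD.search(fh.read(HEAD_BYTES)):
                    report["injected_head"].append(rel)
    report["missing"] = [rel for rel in clean if rel not in live]
    return {key: sorted(value) for key, value in report.items()}


def build_demo(base):
    """Write a constructed clean tree and a constructed tampered tree under base."""
    base = Path(base)
    clean_files = {
        "index.php": b"<?php require 'wp-blog-header.php'; ?>\n",
        "wp-includes/functions.php": b"<?php function demo() { return 1; } ?>\n",
        "wp-content/themes/mytheme/header.php": b"<?php echo 'header v1'; ?>\n",
    }
    # Inert constructed marker; the base64 text decodes to the word CONSTRUCTED.
    marker = b"<?php /**/ eval(base64_decode(\"Q09OU1RSVUNURUQ=\")); ?>"
    live_files = dict(clean_files)
    live_files["index.php"] = marker + clean_files["index.php"]
    # Same length as the clean file, so a size-only comparison would miss it.
    live_files["wp-content/themes/mytheme/header.php"] = b"<?php echo 'header v2'; ?>\n"
    live_files["wp-content/uploads/gallery_tmp.php"] = marker
    for name, files in (("clean", clean_files), ("live", live_files)):
        for rel, data in files.items():
            path = base / name / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
    return base / "clean", base / "live"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        clean_dir, live_dir = build_demo(tmp)
        for category, paths in audit(clean_dir, live_dir).items():
            print(f"{category}: {paths}")
```

On a real site the `unexpected` list will also contain legitimate uploads and cache files, so it is a review queue; any `.php` file under an uploads directory deserves a look first.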

  68. Peter Says:

    @Kris: Network Solutions was the first one to get hacked, even before Godaddy :-((

    BTW: Godaddy got hacked again this morning May 17 :-(((

    Luckily I know how to clean it fast… The only problem remaining is “HOW THE &&^^%% TO AVOID THE HACK”

  69. Maciej Says:

    I just really don’t care to use GoDaddy for much. I purchase my domains there but I run them through another server. Never had that great of experience hosting on GoDaddy.

  70. Best Hosting Company | EZebis Says:

    [...] of hacking attacks on WordPress blogs at godaddy.  I was not surprised to read Smackdown blog post Hosting With GoDaddy? Might Want To Rethink That Decision where he said: That was when it struck me… GoDaddy was claiming that this wave of WordPress [...]

  71. Peter Says:

    I adapted a short and simple script that lists all infected files, prompts to clean them and lists all cleaned files. See this post http://bit.ly/c2yGCP

    Hope it helps cleaning…

    But how do we prevent the hack, is still a mystery…

    p.

  72. Monday’s Social Media Caffeine Buzz | Hoggan Blog Says:

    [...] Hosting With GoDaddy? Might Want To Rethink That Decision Do you use Godaddy for any of your web hosting?  A lot of people do, including me. I run a few smaller blogs on the platform while I use a much larger private server that runs on the Amazon cloud for any commercial projects.  Apparently blogs using wordpress on the Godaddy servers are vulnerable to being hacked.  This in-depth article has all you need to know about fixing the issue. [...]

  73. Notes on WordPress security | Andrew Nacin Says:

    [...] WordPress is incredibly secure, and we also take security very seriously. E-mail security@wordpress.org if you believe you have discovered a vulnerability. All indications are that these are server and hosting configuration issues. Network Solutions admitted the hacks infecting their users were their fault, while GoDaddy is demonstrating arrogant cluelessness. [...]

  74. KC Says:

    I host a wordpress site on Godaddy, I was hit last week and *today* with the malware attack. I’m so glad I’ve been reading up on blogs that mention this is actually a security risk on Godaddy’s side. Called them, no help whatsoever, they actually sent me a link where it gave me two short paragraphs that did absolutely nothing.

    How easy is it to move hosting providers? I don’t have the time to deal with Godaddy’s “issues”.

  75. Weekly Search & Social News: 05/11/2010 | Search Engine Journal Says:

    [...] Hosting With GoDaddy? Might Want To Rethink That Decision. – oh and speaking of losing it, Michael was also on the war path (wow, lively bunch this week). I had been hearing a lot about this over the week, great job of laying it out [...]

  76. ct web designer Says:

    I’ve had this issue with them for over a year now, and I use gobbledy-gook for usernames and passwords for exactly this reason. Even so, we have had the eval() attack hit non-wordpress sites, a clear signal that it’s a problem with the GD hosting environment, and one that they are patently unwilling to look into.

    When your single page, adsense “website” is getting this attack pushed onto it, it’s not a wordpress flaw. It’s a hosting security issue.

  77. Greg Watson Says:

    This has been GoDaddy’s standard operating practice. Corporate culture, ethics, and standards flow from the top. I’ve been surprised that GoDaddy hasn’t been sold, Bob Parsons has been a brilliant leader in creating businesses and selling them at huge profits. But his leadership regarding ethical practices speaks for itself – corporate culture flows from the top down. Todd Redfoot’s example above is prime – deflect but avoid actually addressing or correcting ethical problems. Having personally spoken with their media department, their standard practice is consistently to “posture” as engaging but with no apparent intent of actually correcting lapses, ethical, or questionable practices. Todd certainly appears to be “posturing” … deflect and appear engaging. But is there any sincere “intent” to address underlying issues? The author Michael VanDeMar above offered to provide technical assistance but did Todd Redfoot in his post follow up on this offer? Or did he simply attempt to “appear” engaging but with no intent of actually following up?

    It appears obvious to me … hopefully your readers can weigh words versus actions and judge for themselves …

  78. Marj Wyatt Says:

    I’ve been a GoDaddy client since 2002. To date, I’ve only had one wordpress account that I own hacked, and that was the 2.8.4 problem.

    From your description, I’m understanding that this problem occurred on shared hosting. I’m still with GoDaddy for my business website and primary blog but I have a dedicated IP … which may eliminate the risk of intrusion because my websites are on another and perhaps more secure server. The expense for this is a whopping $36 more a year. If it provides peace of mind, why not?

    Using the “one click install” at any host may be easier but it is not necessarily the wisest choice for wordpress security. Conventional wisdom is that managing a wordpress site is easy … perhaps because the software is free. The truth is, folks need to roll up their sleeves and learn something about the software, including how to keep it secure. One may need to get a little “mud under their fingernails” and be forced to dig into MySQL to shore up a few things too.

    The same things goes for free templates. There are millions of sites that offer them, and some are beautiful too, but the first thing everyone should do when they download a free theme is to investigate the scripts for encrypted code. I’ve done this since 2004, when I first began fooling around with WordPress.

    I rescued client blogs from the Network Solutions debacle a couple months ago. Matt Mullenweg would not dignify complaints about his software when the proverbial crap hit the fan but, the truth is, WordPress is popular and hackers go after popular things that are well documented, such as WordPress is. Maybe the only way to be certain that your wordpress websites are secured is to run the software on your own servers. But then there is all that freeware out there so you are still at the mercy of the plugin creator. How about Linux itself?

    We can live in fear of hackers, and choose to blame one hosting service or another, but that only keeps us stuck. Hard to get anything done that way.

    I’m considering leaving GoDaddy, but not because I feel their service or support is bad. GoDaddy’s shared hosting service does not support WPMU in the way that I want to implement it. I’ve had a good run with GoDaddy and would recommend their services to anyone.

  79. Anita York Says:

    I had to file a complaint with the BBB against GoDaddy to get my issue resolved. Enough said.

  80. Michael VanDeMar Says:

    @Marj – Not getting hacked yet does not mean that you are safe, and having a dedicated ip does not mean that you are on a safer hosting environment. It may not even be all shared servers that are at risk at GoDaddy… but it sure is a hell of a lot of them. Gratz at not getting hacked so far, but that doesn’t make GoDaddy ok, not by a long shot.

    And just fyi this is not “one click” installs that are getting hacked, it’s not even just WordPress. It has nothing whatsoever to do with downloading themes with code in them, and even though it may comfort you to blame this on webmasters being lazy it is not the webmasters’ fault that they are getting hacked.

  81. Clive at BlogBriefing.com Says:

    @Marj – ditto re the above. When my clients tell me that their ‘secure’ (all good security and update practises in place) WordPress blogs have been hacked – and these sites are using ‘serious’ Premium themes and not some silly free theme + minimal plugins then can’t we all just agree that it’s a hosting vulnerability (GoDaddy or Whoever.com).

    Constantly referring to the poorly informed clowns who download every free plugin and free theme is not addressing the fundamental issue which is that the hosting company has been hacked – not the individual user ( no matter how good, or poor, their WordPress security is).

    Let’s face the facts: Godaddy and the other providers that have been hacked need to get off their complacent backsides and address the issue, inform their clients of how they are doing so and to re-train their Support Staff to come up with answers and not ‘silly, get off the line, excuses’.

    Pretty straightforward really! I know if I was running one of these hacked companies what I’d be doing. “Heads can roll later – let’s fix the problem!” would be my credo.

    It doesn’t help with this ‘hands in the air’ and ‘passing the buck’ BS that seems to be going around at the moment.

    Any company that’s been hacked, keeps me informed and hopefully, eventually, tells me what they’ve done to fix the issue will have my full endorsement and future business.

  82. Marj Wyatt Says:

    @Michael VanDeMar …

    To be clear, the intention of my reply was to NOT lay blame on anyone or anything and I don’t consider choice of hosting services to be a religious war. I sure would not choose Network Solutions, however. I also think that “the most popular” service isn’t necessarily the best service when features and functions are compared objectively.

    I also don’t feel “safe” anywhere online so please don’t read into what I wrote by putting those words in my mouth. :) I was merely presenting ideas for shoring things up, no matter where you are hosting your sites.

    There are a lot of “moving parts” to any website. Hackers are malicious and they’ll find their way in, if that is their goal.

  83. Michael VanDeMar Says:

    “The expense for this is a whopping $36 more a year. If it provides peace of mind, why not?” – here you are suggesting that the problem can be solved by webmasters not being cheap.

    “Using the “one click install” at any host may be easier but it is not necessarily the wisest choice for wordpress security.” – here you are suggesting that the problem is that the webmasters are not doing enough manually themselves.

    “One may need to get a little “mud under their fingernails” and be forced to dig into MySQL to shore up a few things too. ” – here you are suggesting that by doing these manual tasks the webmasters could have had some control over whether or not they got hacked on GoDaddy. This bit is straight misinformation, and indicates you don’t really have a grasp of the situation, or perhaps that you commented after only skimming the details.

    In any other context, on a post on its own, your comments have merit. However, this is a post discussing the situation on GoDaddy’s servers, which I assure you is very real and not anyone’s imagination, GoDaddy’s refusal to do what is necessary, and their mistreatment of customers by inappropriately putting the blame back on them. “The truth is”, Marj, regardless of what your intentions were or were not with that comment, that is how they came across. And although I do recommend HostGator in the post, this had nothing to do with any kind of “my host is better than your host” argument going on anywhere else on the internet. This is strictly about one situation going on now at one company (and again if you read the post you would know that I acknowledge they are not the only host getting hacked… just the largest and apparently the most arrogant).

  84. Marj Wyatt Says:

    @Michael VanDeMar

    I don’t remember saying anything about webmasters in my initial post so I still think you are reading too much into what I wrote. I was addressing DIY-ers.

    I might argue that Network Solutions is far more arrogant and that their support is pitiful.

    Thanks for your agreement with what I wrote, @Clive at BlogBriefing.com.

  85. Michael VanDeMar Says:

    @Marj – “webmasters” are people who own websites. I have no idea what distinction you are trying to make.

    If you Google [network solutions thieves] you will see this blog come up first. Generally speaking? Not so much a fan. However, in this instance they were far faster at admitting they had a problem (and actually asking for help from developers, from what I understand) than GoDaddy has been. Coming from me, to say that NetSol had a better response than GoDaddy is a pretty damn big deal.

    Lastly (lastly from me, anyways), I think the fact that you are thanking Clive for agreeing with you speaks volumes towards whether or not you are actually reading what is being said. As far as I can tell he wasn’t agreeing with you.

  86. Marj Wyatt Says:

    Ok. I can’t read and my counterpoint was unwelcome.

    Good Luck.

  87. Daniel Tunkelang Says:

    So, I started this morning finding out that my blog had been hacked for the second time in a week–both times a PHP injection attack. But GoDaddy customer support was very responsive, and I’m back at full steam now. They seem to be taking this wave of incidents pretty seriously.

  88. numbersguy Says:

    So GoDaddy has ramped up the paid advertising to offset the loss of customers, as evidenced by the recent deluge of TV ads during sporting events and the numerous discounts on domain names. This is costing the company big-time marketing dollars.

    My prediction is that the company will revive their IPO to raise oodles of cash for operating cash and so that the 4-5 bigwigs can “cashout”.

    However, imagine this: The President, CFO and IPO underwriters do “road shows” for financial analysts and others that they expect to push the IPO stock sale. At the road shows, they get hit with a bunch of *tough* questions about their security issues, class action lawsuits, examples of employee dissatisfaction and discrimination lawsuit (lost the appeal) with huge payouts, and, many other issues. Armed with questions we will provide, these financial analysts will drill the executives and understand first-hand why this company fails at the basic tenets of Sarbanes-Oxley requirements, demonstrating why the GoDaddy IPO is a huge risk to investors.

    Look for hot-to-handle questioning periods during these road shows. Guaranteed.

  89. average joe Says:

    I’m hosted with a GoDaddy reseller, which has a different brand name, but is hosted on the same servers. If I have a technical issue with code level or developer level scope, I don’t call in to general tech support because I understand that they are generalists, not trained programmers, and not trained as hosting server admins. I don’t expect the people that answer the phone to have my level of expertise, otherwise, they’d be too expensive to hire to answer the phones.

    What I do instead, is to submit a ticket through my hosting control center. This is generally escalated directly to the hosting support team, the same team that would get my ticket if I asked the phone support rep to escalate it. I save myself the headache by going directly to the people that are going to fix the issue.

    I think you are on to something, and you can do everybody a great service by logging in to your GoDaddy account, opening your hosting control center, and submitting a support ticket directly to the hosting team. Include your analysis, the name of the file, the decoded script text, and your recommendations for solving the issue. The ticketing system may reject the script text if you paste it directly into your online support request, so I recommend you wait for a response to your initial ticket, and reply to their response with your txt file included as an attachment.

  90. Maria Allen Says:

    After my website which is hosted by Network Solutions was attacked a week ago, I signed up with a Sucuri service to notify me if malicious code appeared on my site. Well, I just got a notification an hour ago. I couldn’t really understand the notification, but when I went to my site, a 404 error page came up instead of my homepage.

    The only difference between my remote and local pages that I could find was a page called .htaaccess on my remote site. I removed that page, and perhaps coincidentally, my site worked properly again. Can anyone tell me what .htaaccess is, and whether it might have been the source of the problem? I’ve been reading this blog to try to understand a little more about all of this, but it’s very complicated stuff. Thanks!

  91. Michael VanDeMar Says:

    @Maria – the .htaccess file can indeed cause a 404 to appear, and technically it can be involved in a hacking attempt, but it is also very normal to have one and especially in a WordPress blog. One of the things that a .htaccess does is it allows permalinks to your blog posts beyond the simple domain.com/p=999 format. It also works in conjunction with caching plugins to reduce load on your server.

    Did you happen to save the file before deleting it?

  92. Maria Allen Says:

    This was the code in the .htaccess
    It’s actually a website hosted at NS, not a WordPress blog.

    Options -Indexes
    RewriteEngine On
    RewriteBase /
    RewriteRule ^(.*)\.html$ ./htdocs/phplogin/includes.php [L]
    RewriteRule ^(.*)\.htm$ ./htdocs/phplogin/includes.php [L]

  93. Michael VanDeMar Says:

    @Maria – not being that familiar with the NetSol hosting setup I can’t tell you whether or not there would be legitimate reasons for that being there, but assuming that the includes.php file referenced did not exist it definitely would explain the 404 errors. It’s almost as if someone were trying to make your html files process that php script, although for what reason I could not tell you.
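
An added example, not part of the original comment thread: a small Python audit that flags `.htaccess` rewrite rules like the ones posted in comment 92, where requests for static `.html`/`.htm` pages are handed to a PHP script, and reports whether that script exists on disk (a missing target is what would produce the 404s described). The function names, the probe paths and the way the target path is resolved are assumptions made for this sketch.

```python
import re
from pathlib import Path

# The rules posted in comment 92, reproduced as sample input.
SAMPLE_HTACCESS = r"""Options -Indexes
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)\.html$ ./htdocs/phplogin/includes.php [L]
RewriteRule ^(.*)\.htm$ ./htdocs/phplogin/includes.php [L]
"""

# Constructed sample: the stock WordPress permalink block, which must not be flagged.
WORDPRESS_HTACCESS = r"""
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
"""

# Hypothetical probe paths: two static pages and one extensionless URL.
STATIC_PROBES = ("index.html", "about/team.htm")
NON_STATIC_PROBE = "about/team"


def parse_rewrite_rules(text):
    """Yield (line_no, pattern, substitution) for every RewriteRule line.

    Arguments are split on whitespace, so quoted arguments containing
    spaces are not handled (an accepted limit of this sketch).
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if len(parts) >= 3 and parts[0].lower() == "rewriterule":
            yield line_no, parts[1], parts[2]


def pattern_matches(pattern, path):
    """Apply a RewriteRule pattern (optionally negated with '!') to a path."""
    negate = pattern.startswith("!")
    body = pattern[1:] if negate else pattern
    try:
        hit = re.search(body, path) is not None
    except re.error:
        return False  # not expressible in Python's regex dialect; skip it
    return hit != negate


def target_on_disk(site_dir, target):
    """Approximation: resolve the substitution relative to the site directory."""
    rel = target[2:] if target.startswith("./") else target
    return (Path(site_dir) / rel.lstrip("/")).is_file()


def audit_htaccess(text, site_dir=None):
    """Return findings for rules that route static pages to a PHP script."""
    findings = []
    for line_no, pattern, subst in parse_rewrite_rules(text):
        target = subst.split("?", 1)[0]
        if not target.lower().endswith(".php"):
            continue
        hits_static = any(pattern_matches(pattern, p) for p in STATIC_PROBES)
        # A catch-all front-controller rule also matches extensionless URLs;
        # a rule that singles out .html/.htm pages does not.
        hits_everything = pattern_matches(pattern, NON_STATIC_PROBE)
        if hits_static and not hits_everything:
            findings.append({
                "line": line_no,
                "pattern": pattern,
                "target": target,
                "target_exists": (
                    None if site_dir is None else target_on_disk(site_dir, target)
                ),
            })
    return findings


if __name__ == "__main__":
    for f in audit_htaccess(SAMPLE_HTACCESS):
        print(f"line {f['line']}: {f['pattern']} -> {f['target']}")
```

A finding is a prompt to read the referenced PHP file and to compare the `.htaccess` against a known-good copy, not proof of compromise on its own.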

  94. Steak and Pineapple Skewers Recipe | Guilty Kitchen Says:

    [...] Seems the problems stem from my hosting site, GoDaddy (read more here.) [...]

  95. Carolina Dreamz » One of my blogs was hacked today. Says:

    [...] I explained again, in a little more detail, why looking at the section of those logs was very important, and if she didn’t have permission could she please escalate the ticket to someone who did. Again, she put me on hold. This time she came back and told me that they were uninterested in escalating it. via smackdown.blogsblogsblogs.com [...]

  96. Back to Basics | Brooke vs. the World Says:

    [...] but when contacted they couldn’t tell me what those vulnerabilities had been. Then, there was this article about why you should probably think about switching web hosts if using Godaddy that further opened [...]

  97. Mark Roussey Says:

    Michael, this difficulty you encountered is endemic at GoDaddy; they have a culture of Narcissism that really has destroyed their reputation among those of us who webmaster for a career. I too was lured into putting a few customer sites there (and still have one…for now…), but moved them off when I encountered:
    * problems that were mysteriously “fixed” only when I called in…but with no explanation as to why/how…
    * cheap hosting plans, but ridiculous email account constrictions
    * pleasant, but sometimes not really helpful 1st-tier support that wouldn’t escalate the problem they couldn’t solve
    * circuitous, very poorly organized menus to access domain and hosting controls. You almost need to call every time.
    * Arrogance from the support staff any time you might suggest a better way to accomplish something. You see, the GoDaddy way is the best way…we just aren’t at a level to appreciate that…

    They just do not listen. Like you said, too busy looking for the next pair of titties to flash on a commercial to focus on basic business improvement. Oh well, good thing that there is no shortage of hosts…

  98. Arwen Taylor Says:

    One of my client’s sites was hacked for a third time yesterday and this is after a fresh install of everything and changed passwords. One thing I noticed is that FTP access is automatically enabled in the WP admin so that you can update plugins and the core from the back office. I’m looking for a way to disable this because I feel like maybe this has something to do with the hacks. Do you know how to turn this off?

    In my own personal sites, which are not hosted on GoDaddy, there is a place for me to enter the info manually but that doesn’t seem to be available on their site.

  99. chrisneglia Says:

    You think that’s bad? Try hostingrails. When they got acquired and updated their database/cpanel, they destroyed all my user grants, causing all my functioning dynamic sites to be inaccessible in one fell swoop. And never apologized. I had to go in and recreate them. When I sent in a support ticket to restore grants from backup, they were all like ‘whuuuut?’ fools. When I recreated the users, I noticed the names are truncated because apparently they upgraded to a newer version of mysql in the mix, which has char limit restrictions so their scripts were temporarily broken. So, don’t host with them. They are foolish fools who don’t know what they are doing. As a customer, I should not know more than they do about what they do.

  100. Greg Says:

    A subdomain on a site I have hosted at GoDaddy has just been infected again (fourth time in 3 weeks).
    Identical exploit, different domain name, same IP name.
    Weird but a Modx site (php) on another subdomain is not affected (yet).
    Last time Modx, WordPress and any php outside the apps was infected.
    This install of WordPress was a clean install of a new site, new passwords etc.
    The fact it has happened on the same server, same domain. Makes one assume GoDaddy is no closer to securing the whole server.
    These guys have unrestricted access to any site on this server and any talk of it being the application or lack of maintenance by the site owner is not the whole picture despite GoDaddy claims to the contrary.
    I am more fortunate than most, this site is my own home page (a bit experimental and not a client site) so apart from wasted time I can live with it.
    These attacks have actually done me a favour and exposed how bad php shared hosting is as a business model, albeit a very cheap model.
    I am moving towards cloud hosting asap, some providers even offer free hosting for development work.

  101. Mark Forbush Says:

    Our site at Go Daddy has been down for over 10 hours. They had a problem with the server. With today’s technology, no web server should be down more than 15 minutes. After escalating it all the way to the president’s office, their answer was the same “We are working on it”. They could not give me an estimate when it was going to be fixed. How sad is this. They have no idea after 10 hours how long it will take to restore the data. I could have set up several servers and restored the data in this amount of time. Being unable to estimate the time to recover a server and the data just shows they have no clue what they are doing.

  102. Raj Says:

    Godaddy is crap.
    They should be chased away from hosting business and should be left alone with domain registration services.
    About 10 wordpress sites of ours too got hacked..

    Their support team just copy/paste answers from knowledge-base and they really don’t have any knowledge.

    They were unable to fix simple php.ini thing on my account and keep on saying that our sites are hacked therefore it’s not working and then they don’t provide scripting support.

    Later on I myself found it’s not working coz php.ini should be named as php5.ini
    Perhaps Bob Parson has no time to look at the quality of support provided by his company and instead is all time just busy with his girls.

  103. Shane Says:

    I’ve just found this thread after reading about these hacks and I’m now concerned. While I haven’t been hacked yet, I am new to WordPress and am currently building sites using it, all of them hosted at GoDaddy. All of the sites I’ve built previously have been with ASP.NET or simply .ASP, so I’m very new to PHP code. I have had very little problem with the .ASP sites being hacked (it happened once, but didn’t destroy anything), and I’m wondering if the hack is relevant to the type of hosting (Windows or Linux). I use Windows, only because I built sites in .ASP, and all my WordPress sites are on a Windows server environment with IIS7.

    Are the hacks specific to Linux or can they happen on a Windows server as well?

  104. Out of the world « ihumanable Says:

    [...] taken steps to prevent such a hack from occurring, I couldn’t figure out what had happened. Then I saw this and realized that is exactly what had happened to my site. I felt a little bit better that this [...]

  105. Bry Says:

    I use http://www.Cheap-domains.IT and their auto Joomla Installation wizard. Never had an issue and used them for 6 years.

  106. Greg Says:

    All the hacks on my site were infected PHP files (linux hosting) so I assumed the issue was PHP related, some Javascript calls were installed via PHP but no existing scripts altered and HTML was untouched, on the WordPress site the CSS structure in the admin page just disappeared.
    I have followed a lot of threads on this issue and don’t recall any comments on specific server types (ie Windows vs Linux).
    As a devout Linux user (including personal operating systems) I would like to think Linux is not the issue but maybe it is a hole in Apache Server letting them in or more likely the way GoDaddy configures and maintains it.
    I am sure it is not the apps that are at fault because the infection on my site went across three different applications, all PHP based, all were current versions and all differed slightly in the way they were secured.
    Whatever the cause of the security breach the real issue for me has been the way GoDaddy managed it, or didn’t manage it, would be more accurate.
    My only real feed back from them since the last attack has been a quantum leap in the number of promotional emails offering me ( and I guess everyone else) discounts on hosting and domain registration.
    It feels like their solution has been to let those customers who are dissatisfied to just wear it or walk and replace them ASAP by mass advertising.
    I am a realist about the limitations of shared hosting and this second round of attacks has made me look to virtual dedicated servers or cloud hosting for the future; where previously I would have looked to GoDaddy to upgrade, I would no longer consider them for anything but domain registration, given their disgraceful management of this issue.
    Rather than worry about whether Windows or Linux is more secure I would be more worried about who is maintaining the system whatever it is. GoDaddy have a lot of ground to cover to regain any credibility in server security and customer management.

  107. Kenya Web Hosting Says:

    I love to hear positive contributions about hostgator. These guys are truly helpful. I have my dedicated server with them and any time a trouble come calling, they are ever there to assist. What is even more amazing is their response to problems. I compare hostgator to none other. I am a host provider but I have always dreamed to reach their level.

  108. Mona Says:

    I have a WordPress website on GoDaddy and my site has been slow recently and intermittently down a few times the past few days. I did not upgrade to WordPress 3.0 until today. How do I know if I was hacked and how do I fix it?

  109. Gary Says:

    I recently had a Godaddy hosted WordPress Posts populated with redirecting iFrames. The WordPress files themselves were unaffected, just the database was ‘corrupted’/hacked. After much research I discovered that I certainly wasn’t the only Godaddy hosted site to be affected.
    The thing to takeaway here is that just because a Site runs WordPress doesn’t mean that every hack-attack is because it is a WordPress Site!

  110. Doc Says:

    Good point, Gary. I think Mullenweg’s crew has done a pretty good job of making the platform safe, but anytime you start tacking a bunch of open-source stuff on, you may be opening up a Pandora’s box of new vulnerabilities. Aside from that, with WordPress’ growth rate, I think it was inevitable that hackers would start to focus on it. The idiots see it as a challenge, I suppose. Any “new gun in town” becomes a target, once they get big enough to attract attention. WordPress is definitely there!

  111. Jenn Says:

    So, what do you do when they are getting malware on an html site? All of my sites seem to be systematically getting it and I just re-uploaded my waterbeads4plants.com site and it still says I have the malware. Not sure how to get it off.

  112. Michael VanDeMar Says:

    @Jenn – your site is in php and has a WordPress blog attached to it, so I am not sure what you mean by “an html site”. You probably have a backdoor somewhere on your site that you are missing. Do you have more than one site hosted on the same account? I would check those as well if so. Also, please check out my hacked WordPress cleaning guide, it might help you out.

  113. D.J. Elliott Says:

    In early July our GoDaddy site(s) were hacked. We are not even a WordPress site. PHP files were added to the site and other files had lines of code added. It took days to get the site cleaned up…we are attacked over and over. GoDaddy insisted to my client that it was our problem and not theirs. I don’t know, but I found the PHP file on our site is well-known malware. I can’t help but wonder why Godaddy doesn’t do a sweep for malware files.

  114. Pat Says:

    Can anyone help?

    I have been with GoDaddy for years and just had my first hacking. I purchased a new domain on 8/2/2010, and installed WordPress 3.0.1 (can’t get any more updated than that).

    I immediately went to work on my new blog. But when I tried to install a plug-in, that’s when I found it had already been hacked. When I click to install a plug-in, I get a window that says, “Are you sure you want to install this plugin?” And when I click yes, Avast gives a virus warning and the blog redirects to http://ns2.wheelerairservice.c.....mysite.com . . . .

    I find it hard to believe this is WordPress. It happened too fast. Go Daddy was useless. They sent me a silly email with an overview about how to detect and prevent malware. They said it appears someone hacked into my hosting account and there was nothing more they could do.

    Please help me. Why is the attack only affecting plugins and what can I do to get rid of it? Any suggestions? I want to get moving with my new blog but I am stuck at square one. I have 15 other blogs hosted with Go Daddy & no problem.

    Keep in mind I am not a techie at all. Please dumb down your reply. I beg of anybody. Not too proud at all.

    Thanks.

  115. Pat Says:

    If it helps anyone else, after finding I had 10 more blogs infected, I called Godaddy and calmly asked, “How much will I be refunded if I were to transfer my hosting?” He immediately asked me why I wanted to transfer after being with Godaddy for so long. I calmly explained why . . . e.g., I told him, “There’s malware on my blogs/server and I’m tired of messing around with it and would prefer to just drop Godaddy and start fresh somewhere else.”

    He then spent 45 minutes on the phone with me and when I hung up, all the malware was removed. Godaddy “does” have the ability to quickly scan for malware AND remove it.

    I don’t know if I will be reinfected. All passwords everywhere were changed and I am safe for the moment.

    I don’t know if I got lucky and got a good guy on the phone or if it’s because of all the money I have paid Godaddy over the years, or both.

    Whatever, I am grateful.

    Good luck to everyone.

  116. Greg Says:

    Unbelievable that this is still going on, look at the dates on the first comments.
    In any other market sector Godaddy would have been sued within an inch of their life by now.
    I hate to say it again but changing passwords, reinstalling, cleaning files et al, did not stop my domain being reinfected 4 times in as many weeks, basically these attackers can enter GoDaddy servers at will.
    It just appears to be a matter of luck whether you are hit, while good site housekeeping practice is important, it will not protect you fully.
    The only common denominator on my domain was files written in PHP (not just WordPress).
    I still have a few sites running on Godaddy but will move them as hosting expires and all new projects are being done in Ruby on Rails (very steep learning curve) and deployed to “cloud” hosting (cheap and nothing is written to disk on the server, ie nowhere to leave a malicious script if they can get in).

  117. Michael VanDeMar Says:

    @Greg – just so you know, I have seen hacked sites on a cloud setup before, and I have seen entire php scripts embedded into the database as well. You need to make sure you go through your database very carefully when doing a cleaning… it’s why many automated cleaning processes don’t cut it.

    I am not saying that GoDaddy is in fact safe, because I do not know. I am just saying that I have seen some very cleverly hidden back doors in some of the sites I have cleaned. If you want me to take a look at one of your sites after you have cleaned it, see if I might be able to spot something you missed, let me know.

  118. Greg Says:

    I guess nothing is bullet proof but these guys seem to be going for the low fruit and Godaddy seems to be very easy picking.
    Why is PHP targeted so heavily? It gives the impression of being insecure compared to say Java or Ruby.
    Pity because I love WordPress as a platform, if you just want to blog it’s the only way to fly.
    I did not clean my sites, I just destroyed them and started again with new installs, new databases and new 10 character 6 digit passwords, it didn’t help.
    On one install I was actually infected while online putting up the first post (very boring).
    Will keep your offer in mind (thanks) for the two WordPress sites I still have, which so far have not been touched (they are on Godaddy) but they are pretty low volume sites not in the root folder of the domains they are on, don’t know if that’s relevant but I have lost sites in the root folder while subdomains have escaped infection on other domains.

  119. pcadmin Says:

    I am making a very educated guess here……GoDaddy’s e-mail servers are infected which is why for over 2 weeks now they keep getting blocked by Microsoft (MSN & Hotmail) and Yahoo.

    I sent out an e-mail today and got bounce backs from addresses I did not send to and my system is totally clean.

    I called GoDaddy this morning regarding bounce backs of legitimate e-mails sent by my clients to legitimate MSN, Hotmail & Yahoo accounts. They denied they were being blocked again. BS!

    When I got home this evening I checked my e-mail. I had sent an e-mail to one of my contacts at Dell this morning and in my Inbox this evening was a bounce back from GoDaddy with a bunch of e-mail addresses that I obviously had not included in my e-mail. After scanning my computer (just to assure myself that it was not me, which I knew) I called GoDaddy and told them that I believed their mail servers were infected and that explains why they keep getting blocked. I was asked, infected with what?? Oh gee, here we go again….ummm, Malware, a virus, a rootkit, how the heck would I know what the infection is….I am sure they know!!!!!!!!

    Bob Parsons needs to take this seriously. Your customers do not like being lied to nor treated like we have no clue as to what we are talking about.

    After mulling today’s events over in my head I called back. I explained to the rep that since I believe their mail servers are infected that I was worried that their hosting servers were infected also. I have clients with online storefronts, etc. The guy got a little nasty tone in his voice and said my e-mail issue had been escalated and blah blah blah I would hear in 1 to 3 days via e-mail as to what might have happened. Mail servers are separate from hosting. Really, that’s all you have to say….they got your e-mail servers….how can I be sure that they haven’t gotten to your hosting servers????

    I responded that I couldn’t believe that they aren’t taking this seriously….would GoDaddy be honest and say if they are/were infected. He said “They have to tell us”. I responded, Really???? that all I got when I called this morning were lies lies and more lies. He did not like that. Too bad! This is serious stuff boys and girls!

    Oh and I saw a comment from a Network Solutions person in the thread………they lied lied lied about their issues in May also and they lied last week about AT&T blocking them, and they have always lied which is why I switched to godaddy in May and have been moving my clients to them……….damned if you do and damned if you don’t.

    I do agree………..all the hosting providers at some point have issues but the thing is……..BE HONEST. Inform your customers and inform them fast! Apologize profusely especially regarding this issue………..your e-mails are being sent to people you don’t know and you don’t even know it.

    Never, and I mean NEVER send anything via e-mail that has “sensitive” information. If you really need to e-mail “sensitive” information, use encryption!

  120. Randy M. Says:

    9 times out of 10 the ‘mystery’ files are simply uploaded by hackers through FTP. Be sure to change not only your WordPress passwords, but every FTP account and database password. Malware infections in webmasters’ own PCs (some even caused by a previous WP hack) are a huge source of leaked FTP logins.

  121. Quite the Conundrum! « A Very Gulkin Gazette Says:

    [...] in WordPress, as in being disabled permanently as an administrator, or having your account hacked (as documented here), there is absolutely nothing that they will do to assist you.  As a matter of fact, they even [...]

  122. How To Completely Clean Your Hacked WordPress Installation | Smackdown! Says:

    [...] rather due to vulnerabilities with the actual hosts. Some of the bigger names that were hit include GoDaddy, Rackspace Cloud, MediaTemple, and Network Solutions, for instance. It is very important that you [...]

  123. Hacked on GoDaddy? I’ll Migrate You To Hostgator For Free | Smackdown! Says:

    [...] Yet again, I am seeing a rising number of sites that are reporting getting hacked at GoDaddy. It is also no surprise to me that people are getting limited responses from them when they try and find out what is going on. The GoDaddy blog mentions nothing recently aside from when they were hacked 2 weeks ago on Halloween (an attack that looks like it stemmed from GoDaddy not acting on a security advisory for 11 days). The thing is, I know from personal experience that they are aware of it, because I have seen cases where they are cleaning clients’ sites now automatically as a form of damage control, before the clients even know they were hacked, in an attempt to keep the buzz down about it. So they obviously know it is happening yet they are still keeping tight lipped about it, and being reactive instead of proactive, which is of course par for the course when it comes to getting hacked on GoDaddy. [...]

  124. Gee of georyl.com Says:

    I also have two scripts on my WP file which don’t sound like they belong there. One is bill_knows.php while the other is shannen_auria.php. Do you think these are hacks too? I’m with GoDaddy too.

    Thanks!

  125. Michael VanDeMar Says:

    @Gee – the names of the files like wouldn’t really be enough to know if they were hacked, you would have to examine the contents.

  126. Gee of georyl.com Says:

    Wow, that’s a quick reply michael. thanks!

    i actually am transferring to hostgator (yeah, i read your how to completely clean hacked site guide – and followed you). I’m just wondering if you have another how to guide for that because the ones you have in your guide was in the same server/host.

    I’d like to start clean. Would the following steps suffice because these are what I intend to do:
    1) back-up WP file from GD
    2) download back-up file on my PC
    3) import all posts/comments/etc using WP importer
    3) create an add-on domain at HG
    4) set-up wordpress via fantastico at HG
    5) change DNS settings at GD to point to HG

    I’m stuck here. I’m not sure if it’s the right move because propagation may take hours before I can access the sites and upload my imported posts/comments/etc. at HG.

    Do you think I’m on the right track? Or do you have an article about this that I missed?

    Thanks!

  127. No, GoDaddy, no! « The PaBlog Says:

    [...] ever having to enter a password. And when you add onto that the fact that there are more holes in GoDaddy’s security than swiss cheese it means that a determined hacker (like mine was) will have no problem getting [...]

  128. Chris Says:

    People, the hacks on Godaddy might have nothing to do with the files on your webserver, let alone with WordPress. The security on their shared servers themselves is nonexistent. I was able to access about 40 different godaddy joomla and wordpress config files today and view database passwords and everything. Good thing I’m not a hacker

  129. Unbelievable Says:

    Last night I was surfing Google Images looking at MRI slides. I forgot to turn my protection back on from something previously and mindlessly clicked a photo to read further info on a brain scan. Suddenly I found my browser locked up as the website launched Java.

    So I killed it all from Task Manager and spent the next few hours removing all the Trojan installers and resulting worms (it’s a new virus first reported weeks ago.)

    The last thing I did was kill the internet, then restart the browser in recovery mode to get the offending domain name. After a WHOIS I found it was reg’d at GoDaddy.

    I called them, and the tech could not care any less–he did a whole lot of talking and apologizing after everything I said, not actually listening to my points and questions.

    So I reported the domain as using fake WHOIS info to the proper link. I spent about 4 incident ticket exchanges with them, repeating myself and them repeating the canned “Please reply with the returned email” and “Please reply with a copy of the returned postal letter.”

    I finally got fed up and said to reply to me like a real human being. The last email I got was finally a bit more personal, thanking me for bringing it to their attention and they will contact the malware guy to ask him to update his WHOIS.

    They didn’t care one bit about the MALWARE and the 50 other domains the fake registrant (obvious fake name) registered the same day on Dec 18 that I told them about.

    UNBELIEVABLE

  130. Otto Says:

    I had no idea GoDaddy works like that until now. I got an email from customer support saying that I have to remove some files from my server. They have specified the names of my files (nothing offensive, I had a few personal photos there). It means that GoDaddy clearly looked through my data on my server. They didn’t warn me politely, they went through my data and browse there. There is clearly no privacy with GoDaddy, you can’t trust this provider.

    btw I saw some php scripts that don’t belong on my server as well.

  131. lubos Says:

    I too found two strangely named php files in the root of my GoDaddy hosted WordPress site, with names quite similar to what you mention. However, it appears that (luckily for me) the files did not actually execute, so I did not have much cleaning up to do. The files were dated mid-November.

    As far as GoDaddy hosting goes, I’ve been having absolutely terrible experience. My site goes offline every day for a minute or two, here and there almost every hour. I thought that perhaps moving from the shared account to the “deluxe grid” would alleviate the problem, but it seems that the only thing the upgrade accomplished was moving more money from my wallet to GoDaddy’s account. Customer service has been completely unhelpful, as they claim that everything works fine when they check the site.

  132. Steve Says:

    Thanks for the article. I get the same vibe from GoDaddy. Is GoDaddy so big they don’t care anymore? They probably think they can just ignore the small customers. I’ve had similar apathetic responses in regard to emails. I recently had one case dealing with a simple .htaccess configuration. For once they came through after a couple of phone calls read my rant here: http://primografix.com/godaddy-rant.html Thanks for getting the word out about GoDaddy!

  133. Russell Says:

    GoDaddy is horrible. They should just turn it into a nude site because all I ever see are these hot girls on the home page. However, their actual services in web hosting suck.

  134. Leo Brinks Says:

    I once again have to confirm that GD hosting is not as expected. I had few of my sites hosted with them when i started online business and they gave me real hard headaches!

  135. SemSeoWiz Says:

    The GoDaddy and WordPress combo are an absolute nightmare. I had a client with 2 domains and 1 hosting account and it’s been a day long adventure just trying to separate the installations. In the time it’s taken me to try and use WordPress with GoDaddy, I could have had 10 sites up and running… GoDaddy’s customer service was at least reachable on the phone but in the end, no help at all. Updating to a new host as we speak.

  136. WordPress Security .. Those Words Do Go Together Says:

    [...] admitted the hacks infecting their users were their fault, while GoDaddy is demonstrating arrogant cluelessness. [...]

  137. Beware of Godaddy Migration Says:

    Godaddy.com recently reassigned (or what they call ‘migrated’) my website to a new server to “provide [me] with increased performance and reliability”. Instead of copying my files over onto the new server and waiting for the modified DNS to fully propagate before removing the files from the old server, they simply ‘migrate’/move them. This process has caused my website to be down for 1-2 days.

    I called godaddy.com support and explained to their support person how they could manage this process better to avoid impacting my website but unfortunately they don’t seem to either understand or care (probably both). If they cared so much about the performance of my website, they have a funny way of showing it since it is now down.

    If you are considering godaddy.com for hosting, you should think again….

  138. kelly Says:

    I just recently hosted a new site with GoDaddy and it’s already been hacked twice in the past few weeks. I changed all of my passwords, deleted all of my files, and coded out an entire new site without using wordpress, but it was still hacked a second time within days. My other sites (NOT hosted with GoDaddy) have NEVER had this problem, and I’ve had them for years.

    GoDaddy gave me the “we’re not responsible for cleaning your site and keeping it protected” and it seems like they just want me to buy more options or something. I am definitely pissed.

  139. Steve Says:

    After subscribing to these postings for several months and having approximately 50+ sites being hosted on GoDaddy for my clients (on both Linux and Windows servers), I wonder how many people who have responded saying they’ve been hacked are using a database-backed web site and have NOT added SQL injection protection? I have one site alone that is attacked 10+ times per day, EVERY DAY of the year with SQL injection attacks and I’ve been able to hold off every attacker.

  140. Ana Hoffman Says:

    I came over here through Donna Fontenot’s recommendation to see what you had to say about GoDaddy.

    I am currently with Hostgator and keep having problems with them.

    I keep getting this email from them:

    “We have noticed a large amount of comment notification emails originating from your account regarding spam comments that are being posted to your blog. This indicates that your blog is being abused by spammers and resulting in a large number of emails being sent from your account. Abuse in this manner can lead to several issues including an increased consumption of CPU cycles and increased chance of spam complaints. In order to stop the large influx of spam notifications, we have changed two settings in your WordPress administrator dashboard. Under SETTINGS->DISCUSSION, we unchecked the box that says “E-mail me whenever Anyone posts a comment” and checked the box “Users must be registered and logged in to comment”.

    Can you believe it? They keep going into my account and changing my settings!

    I am at a loss as to what I can do at this point with them…

    Ana

  141. Michael VanDeMar Says:

    Ana, ok, I have never, ever heard of any host doing that. My gut instinct would be to raise hell, but of course it sucks if they shut you off for overusage too (which is something they do have the right to do). It’s hard to say which I would rather have them do.

    By the way, are you getting hammered by spammers? I have a couple of quick fixes that I had to put in place in order to keep the spammers from bringing down this site a few years ago that I can share, if you need.

  142. Ana Hoffman Says:

    Michael:

    I noticed that whenever someone posts a comment, including me, the following script is added to the email address:

    /* */

    I believe it’s the source of my problems. Have you seen it before; any idea how to deal with it?

    Thanks a million!

    Ana

  143. Ana Hoffman Says:

    Looks like the script didn’t actually show up in the comment… I’ll see if you have a contact form; I could send it to you via that.

  144. Pilar Torres Says:

    Make sure any applications you have on your hosting account are up to date on the latest version. That is the way they hack you most times by looking for vulnerabilities on your code. Maybe an application you installed and forgot about.

  145. Heinz Says:

    I have 3 self hosted wordpress blogs hosted on two domains – 1 with wordpressed blog 1and1 , second with godaddy techblog whitershade
    Third open blog.
    There are vast differences between the hosting quality of the two.
    Whereas I have little problem with 1and1 (run on php5), godaddy keeps on frustrating me endlessly :
    - Numerous instances where W3 cache does not work
    - anytime a plugin is for update, you need to install it manually via ftp, sometimes twice.
    - (with 1and1 the same plugin works via autoupdate, php settings on 755 on both)
    - godaddy keeps on spamming my email with ‘offers’ endlessly, needless to say, I will not heed to their luring tactics.
    - overall, 1and1 is the better option, essentially I find it working better bandwidth, hassle free, ever since they changed their php servers 1and1 is the better option, without doubt.
    - I will transfer my domain once the contract will end.
    Bye godaddy, your cute chick on the front page can’t entice me any longer.

    Godaddy is a drag money making machine that has not much to offer except endless ‘special deals’ .

    < wordpressed Nice blog

  146. Cathy Says:

    I just want to start by saying I am not a knowledgeable technical web guru, just a basic user who coordinates & handles the websites for our small company.

    I started searching Google for answers because GoDaddy will not give us ANY help. When I came across this info it was all very enlightening! You all help the little unknowledgeable people like me greatly!

    Our problem is that we bought VDS space from GD to host our Magento based store. We also have another PHP web site for our sister company as well (catalog database only, not a store), which is very outdated programming but runs just fine.

    Someone from the office noticed that the Magento store will only load the landing page, but when you try to enter the store it is a plain white blank screen. No info, no error, just nothing. Every page is the same, even the admin area once logged in. After 3 phone calls to GD, 3 ticket submissions (which they claim they never got), NO answers from GD and 48 hours of consecutive headaches I spoke to our site programmer who suggested we take a look at the /var/report folder, the /var/log folder and also the Apache logs. He thinks that we may have been hacked! OK…there’s no proof yet.

    I also think I know the date, because when I was logged into the server admin, I was able to view the bandwidth usage. Funny that up until August 4th we had normal traffic and from August 5th on…NOTHING! No activity…

    Did I mention that I HATE the fact that GD has no VDS phone support unless you pay $169.00 p/month to have special server assistance, so my only option now is Live Chat…YAY! I am waiting to hear back from their “Expert Hands” team on what they think the problem is…Live Chat guy left me with this: “Our support ensures that the server is operational. I have confirmed that your server is responding to ping and that the control panel loads without issue.”

    I have decided to move our hosting, domains, email and ALL our services to another company ASAP. Too bad for Danica Patrick…her boobs couldn’t keep us around, I’m more for the intellectual type, like the kind that can offer proper customer service, and fix the problems that their customers had nothing to do with!

    Sorry for ranting…but I feel a little better now.

  147. Go Daddy concurrent processes and Apple Mail | Ari Salomon: Art and Design Says:

    [...] a great post about GoDaddy and WordPress security This entry was posted in Web Design and tagged elephant kiling, godaddy, hosting. Bookmark the [...]

  148. Ramesh Says:

    GoDaddy’s is the worst ever customer support I encountered. Their email plans cost me money, cost me my reputation and ruined my business. I curse GoDaddy and wish they’d all die – honestly, they were that horrible!!!

  149. Sandeep Says:

    Am cut/paste ‘ing summary of my frustration with GoDaddy
    __________________
    is there anyone who can address the problem. 36hrs X 3 times previously and more than 8hrs down time already on this occurrence. All this in less than 30 days … and my anger is in ” in violation of your Community Terms of Service.”
    Is there a response mechanism!!!

    On Sun, Oct 2, 2011 at 8:25 PM, wrote:

    24/7 Sales & Support: (480) 505-8877 – 24/7 Billing Support: (480) 505-8855

    Our support staff has responded to your request, details of which are described below:

    Discussion Notes
    Support Staff Response
    Dear Valued Customer,

    Your Community post was deleted because it was in violation of our Community Terms of Service.

    Your post:
    @timb The whole response thing seems to be a joke @godaddy!! You guys have a limited vocab and repeat yourselves on every post with blah! blah!….. The customer spends a lot of time (10 times your support teams contribution on problem resolution) on providing details of the issue and your support starts with denial of the existence of any issue whatsoever… forcing the customer to spend more time to defend his case of the issues existence. Then your support team acknowledges the issue and express inability to confirm an eta and the mail ends with something like… please let us know if we can help you with anything else… finally you never come back with a resolution confirmation and the cycle repeats ad infinitum. I should know… coz i am on the receiving end.

    Please feel free to rewrite your post to comply with our content guidelines and resubmit it. We value your feedback and comments and thank you for your continued participation in Go Daddy Community.

    Regards,
    Go Daddy Community

  150. Sandeep Says:

    GoDaddy Sucks!!! : Update on my earlier post above

    28 hrs and a promise of “has been relayed to our Advanced Technical Support Team. Our most skilled technicians will be working to resolve your issue quickly and completely. You will be notified promptly upon resolution.” 17 hrs ago and the problem is where it was. Please help!!!!

  151. Dear GoDaddy – Why I’m Moving Out Says:

    [...] cheap, easily hacked WordPress hosting for people who aren’t knowledgeable enough to find [...]

  152. Goodbye Godaddy Says:

    I have been hosting with Godaddy for about 4+ years.
    Over the past 1 year there have been issues with CRON JOBS not running consistently. (I run 6 per hour)

    They run fine for a few days then die for a few hours.. then fine again for a few hours and die again… totally random and across various websites/scripts (no change in script from when it’s working to when it’s not)

    Godaddy accused me of crap coding in the php script which I had double checked by a qualified php expert who said it’s perfect and it’s impossible for it to be the problem.

    When the cron jobs stop working they don’t even fire off the email alert (optional) saying that they have failed.
    I killed my php file and wrote a simple php script that just logged the time of cron tasks.. guess what same results.. missing events.

    Anyway after many many many many phone calls – the Godaddy support team always did the same thing. Reset the hosting account cron manager and boom everything worked fine for about a day.. then it was faulty again. They would always say ‘see it’s working now’ and I would say ‘yes coz you just reset the server but it keeps happening’.
    After months of repeating myself and them doing the same thing, they refused to look at the issue properly and check to see if it was a failure on their system. So now I have GIVEN UP.

    They have also become very very SLOW and I have tested both their US and EU servers.. and sometimes they just go non-responsive for 5 minutes but then bounce back as if nothing was wrong. Seems like it’s a routing issue.
    Either way Godaddy has gone BAD.

    Thinking of switching to Bluehost.. hope they are better.
    Anyway GODADDY hope you are listening now because your tech support sure as heck does not – bye bye to 8 top websites.

  153. Robert Mullin Says:

    My site was hacked 3 weeks ago and is written with wordpress and joomla. Hosted by Godaddy and they have not helped at all. My website developer left last year so I don’t know where to start.

    Thanks

  154. Loretta Bechert Says:

    I was just about to sign up for hosting with GoDaddy to use with WordPress. But I came across your article when I Googled: WordPress with GoDaddy recommend. After reading your article I see GoDaddy is NOT recommended. I appreciate your excellent effort to explain and document what the problem is with GoDaddy + WordPress. I would’ve thought they cared more and had better customer service/IT. I already purchased my domain name through them today but will now get hosting elsewhere.

    many thanks,
    Loretta

  155. conwayallday Says:

    Very nice article. I recently worked for a very small telecommunications company and one of the owners has his own company on the side creating websites. He uses WordPress and I know he does not have any real programming knowledge (neither do I outside of programming course requirements required in college).
    He had a few customers call in around the same time about their sites being hacked. Basically someone took their site down and posted the typical “This site hacked by numknutz” banner up. If I had to guess I would think the main issue/exploit lies in wordpress somewhere and possibly Godaddy having less restrictive policies than some other hosts. I think much of the issue lies in people who are similar to this guy, selling services which they really don’t know what they are doing other than filling in templates, etc. A secretary can use MS Word all day but have no clue what a macro is. People like this get hacked and have no idea what is going on so they lean on someone else (Godaddy or other host) to fix it or be the scapegoat. Not that I am defending Godaddy b/c I am not, but in a world full of WYSIWYG apps that do it for you people don’t have the knowledge of what is going on therefore the blame can’t lie with themselves. I doubt many WordPress users even have any clue how to use SQL for database management. If you don’t know how to secure your work you really don’t have any business pretending to be a web developer. WordPress is pretty nice but it does enable many folks to be pretenders at web design/development. If you are serious about charging money for websites I think you should have put in the time/effort to actually learn the basics or the entire process. This way if it does happen to you and you can prove that your webhost is at fault, then more than likely you were smart enough to backup your work and database or at least the people you charged for doing so.

  156. conwayallday Says:

    @Ana
    I agree that I don’t think that is right what they are doing by changing your settings but at the same time it is very possible they are correct. I recently tested phpBB for use with message boards. It did not take long for there to be a long list of posts/registrations/etc created by robots/spammers and I could see the possibility of this happening as very easy. You should force users to register and complete some form of anti-spam measure like a captcha or else your website would not be readable due to having to filter through spam. I would think that if a host had to go as far as logging into your account and changing settings it would have to be for a good reason else they would not have the need to do so.

  157. Michael VanDeMar Says:

    @conwayallday – perhaps you should actually read posts thoroughly before commenting. I clean blogs for a living, I am a developer, and these hacks were GoDaddy’s fault.

  158. Gee Says:

    @conwayallday, your defense of Godaddy on an article that’s almost two years old when you can’t share any of your experience with them as host sounds shady to me.

    I’m a webmaster whose sites were hacked at GoDaddy THRICE but never had problems after I transferred them all to another host. The sad part about GD customer service is that they put the blame on the users, which sounds just like you.

  159. Nonny Says:

    I hate godaddy… Below is from a client, about his Joomla site:
    ——–

    I wish I could provide more insight, but don’t know much about this. My perspective is that the site takes too long to open. Perhaps worth mentioning (or not) but the godaddy customer service person mentioned that getting software to convert php files to html may assist reducing load time. I’m not even sure what that means… I might suggest you speak with a customer support person at godaddy – as they’ve always been knowledgeable and helpful to me.
    —————-

    This is so ridiculous I don’t know whether to laugh or rant. ~Gosh~ let’s just convert all those pesky CMS-type sites to plain old html! What does Joomla need with php anyway?? We-ell, Joomla and WordPress RUN on php for one thing. Any reputable tech support person would know this.

    Godaddy is great at SOUNDING helpful but their advice is sometimes beyond ludicrous. They tell you all kinds of crap in the hope that you’ll just quit bothering them.

  160. C Anderson Says:

    The funny thing is that when you host with godaddy, their terms of services allow them to take your intellectual property. I just discovered this. For all the problems, anything you post on their site they can take and that specifically includes your intellectual property and copyrighted work.

  161. Bilal Zaheer Says:

    Netfirms had the exact same problem with their customers (including me and my clients), and their attitude was the same if not worse. all your wordpress sites and those of our clients got hacked, not only did it cause us unspeakable embarrassment, we lost clients because of Netfirms’ insecure hosting and the “don’t give a f***” attitude of their staff.

  162. Leonte Says:

    i was a few times trying to upload my website to host provided by go daddy – and that is one catastrophe!
    as result, images from my page are not visible, and everything is so bad css is not working as that need also. before my web site was at 000webhost, everything was working so nice, perfectly and for free – but they suspend me – they said that my web site was spam. so i decide to fuck off 000webhost and i buy account at go daddy.
    and there i am sure that i throw away my money. so complicate service with a so much password complicate procedure and so on. very difficult to understand how to upload webpage, photos, and so on – i am now going back to 000webhost and never, never again i should listen for that fucking and stupid go daddy host service!

  163. mark Says:

    Michael,
    I totally agree with you that GoDaddy is not the best place to make a wordpress blog.
    However I don’t believe HostGator is great either. I believe that WordPress is the best place to host WordPress blogs (duh) it seems stupid but it is the truth.

  164. Sandy Allnock Says:

    I’m hosting with GoDaddy :( And I wanna leave. Should I do that before cleaning, or do it in conjunction? And oh pretty please is that something I can hire you to do? I have both my nonprofit site (http://operationwritehome.org) that’s seriously infected and I’m getting complaints about a screen of Cialis text that flashes on screen….and GoDaddy sent me an email saying my personal blog is compromised (though it doesn’t seem to be as bad). Helllllppppp……

  165. Mike Harrison Says:

    “GoDaddy was claiming that this wave of WordPress hacks was due to clients not upgrading without even bothering to really look at the clients sites.”

    Not surprising, as I have found, almost every time I email their support staff with a brief, direct and simple question, that they tend to answer the question either based solely on a word in the subject line, and/or before completely reading my brief, direct and simple question. It’s as though they are from another planet.

    “Hot chicks and a strong tits and ass marketing campaign do not make up for apathy in matters of client security and well being.” I also came away with exactly the same impression.

    However, I shudder to think what will happen if/when I decide to move my hosting (and other domains that point to my site) to another hosting service.

  166. Attack of the Chinese Comment Spam Robots | Star Circle Academy Says:

    [...] getting back to that “payday loan” garbage. The problem is that GoDaddy’s servers are not secure – they are vulnerable to attack, especially via “sneaky files” designed to [...]

  167. Pandora Poikilos Says:

    This article was first written in May 2010, believe it or not it’s June 2013 and the same thing is happening. I don’t understand how they can be so laid back about this.

    Yes, come host with us but wait, we’re not giving you a lock and key to protect yourself.

    Bizarre.

  168. Leroy Van Der Heyde Says:

    What is even more disappointing is that whenever you talk with anybody at Godaddy hosting support they always tell you that there is nothing wrong on their side.
    Whenever the traffic increases they lose control and things go wrong such as emails being delayed or webforms loading slowly. I am so sick of them and after being with them for nearly 7 years I am finally going to leave. They are getting more useless by the day.
    A good example is that this thread was started in May 2010 and it is now, more than 3 years ago and still the same problems.
