One of the services I offer people is cleaning their WordPress installations of hacks and infections, mostly for those who might not have the time or technical expertise to follow my hacked WordPress cleaning guide. Therefore when something happens that increases the number of people getting hacked, such as when a new exploit is discovered, or a security hole in a large host starts getting exploited (like what happened with Network Solutions last month), I get an increase in the number of people requesting help cleaning things up. This month it started happening with a large number of GoDaddy customers.
When it first started to happen I did some searching around, and noticed that there was some discussion going on about the heightened GoDaddy hacking activity, but at that time everything I read that stated the problem was with GoDaddy customers all had roots pointing back to a single post on a company blog that didn’t offer enough details for me to really see why it was happening there and not other places. Not that WordPress on other hosts weren’t still getting hacked, but there has definitely been a higher concentration of instances on GoDaddy. GoDaddy was definitely aware of the issue, and even replied in some threads on the WordPress.org help forum:
GoDaddy.com did send out a notification to customers affected by this issue. Although I know you would prefer not to be linked, I want to avoid flooding the forum. For a step-by-step guide to update WordPress, please visit http://fwd4.me/NGN – Alicia from GoDaddy.com
The link to their “step-by-step guide” to updating WordPress turns out to be nothing more than than a link back to WordPress’ own guide to upgrading, and links on how to back up your stuff on GoDaddy. Decidedly not step-by-step imo, and in this case not all that helpful. If the reason your site gets hacked is due to you running an older, insecure version of WordPress, once that happens simply upgrading will not fix the issue. This seems to me to be a bit of a lame response to a serious issue coming from a company that bills itself as the “World’s largest Hosting Provider”.
GoDaddy keeps insisting that the problem is due to outdated WordPress installations, and that staying up to date and site security is the responsibility of the customer, not of GoDaddy. In one sense I completely agree with them. If you run an older version of WordPress that has known security holes in it (ie. pretty much all versions aside from the most recent) then the odds are that you are going to get hacked. Most of the clients I cleaned from GoDaddy so far were up to date, running version 2.9.2, but this still didn’t mean that it was GoDaddy’s fault, since it is possible for a site to get hacked and no signs show up for months. This means that the sites I was cleaning could potentially have had the hack from an older version, and it only became apparent some time after they upgraded.
The problem is that after doing some very thorough clean up jobs (ie. wipe and reinstall), and making sure the clients were up to date, all passwords changed, all image files verified as actual images, clean WordPress, clean theme, clean plugins, and hand cleaning the database, I had clients still getting re-hacked.
One client I had was having issues with funky characters in his posts. He would make the post, everything would be fine, and then the next day they would be converted in a way that would make them display as unicode. This was well after I had done my cleaning, and no one should have made any changes to the database since then. My assumption was that GoDaddy themselves was making changes, possibly security upgrades related to the recent hacking waves, and I figured that calling them to see what they had done would be the best bet. In preparation for this I went ahead and logged into the client’s account, and ftp’d into the server just to make sure everything looked like it was in place still. As soon as I did I saw that about 30 minutes before a brand new, non-Wordpress, oddly named php file had been dropped into my client’s site.
I downloaded the file and looked at it. I suddenly realized that this was the source file for all of the hacks that were happening. It was named “plan_erich.php”, and had similar eval(base64_decode( instruction at the top of the file. I modified the code to be able to decrypt it safely, and looked through the output (which you can view here). The script was designed to delete itself as soon as it ran:
$z=$_SERVER["SCRIPT_FILENAME"];
@unlink($z);
Finding this script before it was triggered and deleted itself was raw luck. Catching this file gave a great opportunity to actually track down how these hacks are occurring, and possibly would leave clues that GoDaddy could use to keep it from happening again. Looking at the owner/creator of the file, and matching that timestamp up with the various logs (ftp, ssh, http, mysql, etc) could give GoDaddy the information needed to figure out how the file really got there, instead of just guessing that WordPress was the issue. I have never seen a file like this before, and searching Google for the name yielded no results, so there really was no other information out there available on this. Finding it there was a little like hitting the lottery in that respect, random and very, very good luck.
The problem, however, is that GoDaddy didn’t seem to care. I called and explained to the woman I spoke with exactly what it was that I found and how it could be useful. I told her that matching up that file to the logs could yield some potentially valuable information. She did listen carefully, and I am pretty sure she understood what I was saying, because she asked if she could put me on hold to go talk with someone who might know more. She came back and informed me that she didn’t have permission to look at those logs.
I explained again, in a little more detail, why looking at the section of those logs was very important, and if she didn’t have permission could she please escalate the ticket to someone who did. Again, she put me on hold. This time she came back and told me that they were uninterested in escalating it.
At this point I was a teensy bit amazed at GoDaddy’s lack of concern with the issue. She very kindly informed me that the issue was that the client was running an older version of WordPress, and that we needed to upgrade. Wtf? I went and looked, and made sure that he was indeed still running the 2.9.2 version that I had installed over a week ago (and remember, he was running that version before I ever did anything), and he was. I told her that. She told me that no, she was looking at what the hosting control panel said, and that he was running version 2.6.
That was when it struck me… GoDaddy was claiming that this wave of WordPress hacks was due to clients not upgrading without even bothering to really look at the clients sites. The hosting control panel can only report what was installed via the hosting control panel itself. If a client pushes the button to upgrade WordPress from within the WordPress admin section then the hosting control panel will never know.
As amazing as it seems, apparently the entire GoDaddy technical support team is ignorant of this fact. That’s right… the “World’s largest Hosting Provider” doesn’t understand the very basics of how the world’s largest blogging platform works.
Something, probably a hosting configuration, is allowing GoDaddy customers to have their sites hacked, and it isn’t file permissions, insecure passwords, or out of date software. Not being willing to even look when a developer calls to tell you that they found something is completely unacceptable. My suggestion to all GoDaddy hosting customers: bail now, before something happens to your site. This is not a WordPress issue only… although it seems to have targeted WordPress customers first, all sites that use php are at risk. Personally for shared hosting I recommend Hostgator, because I love their tech support (and their servers are very robust), but there are plenty of hosts out there to choose from (Disclosure: I changed the previous link to an affiliate link, although if you’d rather purchase hosting from them without giving me credit that’s fine too, here is a clean link for you: HostGator).
Bob Parsons, I am sorry. Hot chicks and a strong tits and ass marketing campaign do not make up for apathy in matters of client security and well being.
This is an eye-opening post, but as you say, the hack is not limited to GoDaddy. I’m a reseller for them and have always been impressed with the prompt responsive service. However, I too received the security warning that I was using an outdated version of WP. The email message only had links direct to WP.org so it was very useless. I checked all of my own and my clients’ blogs and all have been updated, so I was wondering what was going on. Now I see what you mean – if you used their auto install to install WP in the first place, they have no idea you updated it – several times over. Thanks for solving that mystery.
Personally, I’ve been involved with a number of hosting companies and have had issues with each and every one. I think it was a step in the right direction for GoDaddy to send out notices for those in need of upgrades, but they should have been sure of their information before doing so. It might have been more effective to send out a blast to all with WP installed to tell them to check to see which version they were running. If I’m not mistaken, Network Solutions (gag, gag) seemed to be the first target and I’m not aware they did anything, so something seems to be better than nothing, at least.
“Bob Parsons, I am sorry. Hot chicks and a strong…”
Best (and most true) line I have read in quite some time.
This makes me very glad I host elsewhere!
I looked at the code; what do the references to the domains mean? I found: holasionweb.com and burhot33-td.net – Could this be the culprit’s website?
Commend you for helping to keep WordPress users safe.
Sad that GoDaddy is blowing this off.
Wow. I am SO glad that I just moved a couple people off there. I’ve had clients hacked at other hosts, but the fact that they aren’t even interested in what you’ve found & are assuming that people are upgrading using GoDaddy rather than manual (my choice) or the incredibly easy internal upgrader (probably what most of their clients are using)–that’s just nuts.
Sure, not everyone upgrades. I’m planning to use this hack as a way to push a client up to 2.9.2 even though he’s been afraid to change stuff. But if it’s not just an old WordPress issue, they need to work on it. (I’ve heard of people w/other CMSes getting the same hack on GoDaddy.)
GoDaddy is the most incompetent hosting company I’ve ever dealt with. Years ago I signed up for a virtual instance with email and web server configured. Their default sendmail configuration allowed tens of thousands of spam emails to clog my storage and bring the machine to a standstill, and they goofed on my DNS configuration as well. After several frustrating days and no email service, I finally demanded a refund.
I’ve had a much better experience with HostingRails.com (they support PHP, Perl, and Python too), and they provide excellent customer service. And for domain registration, Moniker.com offers excellent service at competitive prices. Don’t waste your time or money with GoDaddy!
I have to say I generally love GoDaddy’s support, but their proprietary system is what stops us from hosting most clients w/ them.
Great post Michael, really pointing out the way GoDaddy operates – with apathy toward anything that is not profit-inducing, I have found another thing they do, which I ranted about a while ago here: http://www.articulayers.com/2010/02/dont-trust-godaddy/
Basically, if you don’t force a canonical redirect, they will take one of the domains and put a targeted PPC campaign on it. Not parked domains mind you – live sites. Shameless charlatans, IMHO.
Your post here amazed me though – their voiced response of being “uninterested” in pursuing it just boggles the mind.
For two years I’ve been insisting that clients do NOT host their WordPress sites with GoDaddy. They had issues beyond security – around databases being configured improperly with their “auto” setup.
Truthfully, though, this week has seen issues in a lot of hosts – including my favorite, BlueHost. So, at the moment I hate them all. But, gotta host somewhere, right!?
Thank you so much for writing this. I have none of my own site son GoDaddy, although I am guilty of using them just for domains. I’m gonna put my money where my mouth is and move them.
This is just completely irresponsible of them. I deal with *many* clients wondering what’s going on, and them saying “it’s wordpress” not only passes the buck but ultimately doesn’t fix anything. Clearly, there’s a preponderance of evidence at this point – not just this post, but dozens now – highlighting that it’s definitely not WordPress and it’s very likely the setup at GD.
You’re the second person I’ve heard of today that has tracked it down, has the proof and they’ve flat-out ignored them.
@Tia – you are right, you do have to host somewhere. And to be fair it is very possible that the same issue affecting GoDaddy is affecting other hosts as well, and the reason we don’t see more complaints from other hosts is because they simply aren’t as large. However, with the number of sites hosted with them, and the incredibly huge amount of money and resources GoDaddy could throw at this problem if they so desired, the fact that they are uninterested in trying to fix it makes them far worse than other hosts out there. They should be the leader, not a firm that simply sits by and points fingers.
My site is currently hosted with Godaddy and it took my 5 days to fix the hack. The Godaddy tech support person sounded like he was high when I was one the phone with him and he had no clue what was going on. He kept asking if I had upgraded to WP 2.9.2 (I kept saying, yes and I am diligent about upgrading immediately).
Brutal. I need to switch web hosts.
oh, and In the Thesis Theme Forum, the wonderful Shannon pointed me to This Article to help fix the godaddy hack issue and it worked like a charm 🙂 http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html
Hi Michael,
I work for Network Solutions. I wanted to respond to Randy Duermyer’s post in which he mentions Network Solutions and claims that we did not do anything to respond to the recent attempts to hack our system. On the contrary, we have devoted numerous resources of our own and obtained assistance from the community and other organizations to help our customers. Among many of the extraordinary steps that we have taken, Network Solutions’ customers were provided a scanner to check their websites for hidden malware. We have also been open in our communications on our blog that you linked to in your post so that people and, importantly, our customers can gather information about this issue.
Our goal is to help the customers get on with focusing on the success of their businesses and we continue to concentrate our efforts on making it right for them.
Thanks,
Shashi
Nice post. We just went through this very ordeal, which hit 4 WordPress and 2 MediaWiki installations. GoDaddy wasn’t particularly helpful.
GoDaddy is essentially a marketing company, not a technical company. I don’t think they care about providing good service or really care about technical issues until it impacts their bottom-line. This is the perception of them I’ve gained from years of having to work with them to help support various clients. Personally I think they need to do a better job with security, especially right now with http://www.dirtyphonebook.com and others posting so many personal details about people. If GoDaddy doesn’t do more of a good job to protect their customers’ sites and especially privileged client data, I doubt it’ll be long before we see some kind of massive privacy leak that will damage their business and NO AMOUNT of scantily clad cheerleader Super Bowl ads will cure this perception if they don’t move to fix this.
Sashi, you are correct, you eventually did start digging deeper and even went so far as asking for help from the WordPress community, which is something that many companies would not be willing to do publicly, and that is definitely points in your favor. However, you guys did initially try and blame the hacks on the way WordPress itself was written, which did spark a bit of controversy and negative attention to the issue.
Have you guys gotten anywhere on finding the root of the issue? This really doesn’t seem to be host specific, although there are certain hosts that it does not seem to be affecting yet. Have you tried sharing information with any of them?
Does anyone know if GoDaddy and/or any of these other hosts are running PHP with either an suExec solution, or if not, with open_basedir restrictions? If neither of those are being used by your host, it would be in your best interest to leave immediately and find one that does. Any files writable by the webserver on a shared hosting account not using these techniques is vulnerable from any other account on the same machine. I’d bet anything that is what is going on…
I’m with GoDaddy, with multiple sites, and two of my sites and two of my blogs were hit. Both blogs were WordPress. See, GoDaddy says to have the most recent upgrade, but they are weeks, sometimes months late putting that on their auto-installer. I never use it, because I update the minute WordPress tells me there’s a new release. I KNOW both my blogs were current.
But the other two sites that were hit were Drupal backbones. I tried to follow their instructions to roll the site back in the history to a date prior to the infection and the first time, it worked like a charm. Then, I did all the upgrades, made sure it was the most current version, and everything was fine. The next morning, I was reinfected with the scareware script/redirect links. This time, I couldn’t roll it back, because for some reason, the database wouldn’t connect when I did. I got frustrated and wiped the whole damned thing out, and put a brand new, fresh install of Drupal and manually copied and pasted all my content (quite a chore for a seven year old site, let me tell you) and I knew I was current and clean – and then I went in and changed all my passwords to really difficult ones, including the FTP remote access, the hosting access, and the database passwords.
I got reinfected. Third time. My site is now down, and this is what GoDaddy’s tech support sent me:
“Thank you for contacting Online Support.
Unfortunately at this time, I do not have specific details on you current infection of how to completely resolve it. Please understand that we have limited support on virus attacks. You may want to make sure ALL files that were modified are changed, .php, .php.ini, and anything else regardless of file extension. It seems as if something still remained in the site even after the restore.
Please let us know if we can assist you in any other way.”
…..
Limited support… sigh.
I am on grid hosting with them, and they claim it affected less than 5% of their entire network – but FOUR of my sites were hit (well, two and two blog subdomains), and all four were hosting on the same grid.
I don’t mind that it happened – it sucks, but that’s part of the game, but this obvious lack of concern or interest in it, and them telling me this is MY fault when I know it’s not and the two days of downtime, lost revenue, and lost time for me and my tech guys having to fix this ourselves…. well, I’m not a happy customer, yanno?
Thanks for letting me vent. GoDaddy’s own site about this issue hasn’t approved my comments that are held in moderation and they limit to 100 words. Thanks for letting me share my experience.
Michy
I have been a Network Solutions shared hosting customer since February. This is my first venture in developing a WordPress media platform. We were hacked on the 18th and 23rd and stopped dead in our tracks.
As frustrating and exhausting as this has been I will go on record now and say that Network Solutions went ALL OUT to help customers and still are going all out to help customers. Not once did any NS representative suggest I would have to pay for anything or accuse me of being negligent. They we’re helpful, cool, polite, and fast under ultra intense pressure and GOT IT DONE. There are still a few minor inconveniences occasionally as NS continues to tighten things up. No problem. Whatever it takes.
Do I regret my decision to go with NS? The answer is no I do not regret it.
Nice catch on plan_erich.php mine was tiphany_enemy.php – more info here.
I had this happen on multiple personal accounts with Dreamhost. The hackers left a slough of those encrypted files – but each had a different name.
Dreamhost was super nice about helping me though – quick turnaround – and they scanned and found 3 files I had missed.
All I have to say is I’m not surprised. GoDaddy support is horrible at best. I agree that HostGator is the way to go.
I host my WordPress blog on GoDaddy and have suffered two PHP injection attacks in the past six months. I am religious about keeping my WordPress installation up to date, and I use only a bare minimum of plug-ins (Akismet, Subscribe Remind, Subscribe To Comments).
Fortunately, I cleaned each of them up quickly (by getting rid of the obfuscated eval block inserted into each of my PHP files), and, to the best of my knowledge, there was no harm caused to my readers.
Still, I’m curious if anyone knows whether the vulnerability is because of GoDaddy or WordPress itself. I like the flexibility of running my own installation, but another incident like this and I’ll be tempted to move off of self-hosting.
My sites once got hacked and turned into phishing sites of some finance institutions. I didn’t know all this until I received an E-mail from my hosting provider. They claimed that all my WordPress installations on the shared server are out of date. I updated them all after they helped me deleting all the phishing-related files and never again I got the same kind of E-mail notification.
The hosting provider was HostGator and I’m still using their service.
We engaged Firehost.com to manage all our infrastructure on page.ly for this reason right here. They have the skill and the hardware to prevent these sorts of things before they even start.
We pay 5x what we would somewhere else.. but I can sleep at night, and our WordPress hosting customers gain the added security benefit we are paying for.
The race to the bottom on pricing that the econo-hosts have been running is biting them and their clients in the ass.
Yeah my site was hacked like this twice, just before I was planning to leave Godaddy hosting anyway. (I just changed to a different host today!) I never installed WordPress or any other CMS system, just a few small php files I wrote myself, they didn’t even allow file uploads or anything like that. I checked the Apache log and in the second attack the file was called couple_peria.php. But it was already deleted by the time I checked FTP to look at it. I scanned every line of the apache log for that day and it looks like there’s no way the file was uploaded thru the web server (I would be very surprised if WordPress has anything to do with this AT ALL). Someone must be doing it thru FTP or SSH or something else.
I didn’t know about the problems at Go Daddy and Network Solutions until yesterday when I started getting malware complaints from my customers. My hosting company, Network Solutions, ran some sort of test on my site when I called them this morning, and while acknowledging problems with hackers, pronounced my site “clean”. However, this afternoon, customers were still getting malware warnings.
I don’t know code but by comparing the local and remote sites even I was able to find the malicious code on the index page and a script file that redirects users to a malicious site, so I can’t say that I’m impressed with the help I received from the folks at Network Solutions, especially since it turns out that the malicious code on my site was just like the code found on the U.S. Treasury and hundreds of other sites a few weeks ago. I am also not comforted by this Russian Youtube video http://www.youtube.com/watch?v=nabz7t65eUM which claims to show someone in the process of hacking Network Solution websites.
Give Hover a try
https://www.hover.com/
Great piece, Michael, and a nice piece of sleuthing, too!
That GoDaddy refused to accept responsibility as hoster for even basic troubleshooting comes as no surprise. As Jane Stenson said, they are a marketing company, not a technical company. The fact of the matter is(IMHO), the vast majority of the people that would even consider hosting with them, probably don’t know enough about how things work, to be able to recognize GoDaddy’s fail. I have registered domains with them, but I’d rather go back to smoke signals than use them as a host… I’ve heard far too many horror stories.
I am not sure if it can help in this case precisely, but I believe it does, they are small scripts to test the presence of intruders on a site: http://www.scriptol.com/scripts/script-checker.php compares the code of WordPress online and the true version that you put on a local directory and http://www.scriptol.com/scripts/botlane.php check the change on the files on the site.
I’ve been using Hostgator for over a year now and I have to say they are excellent. When a friend first uttered the name “gator” I was a little worried but I have to say I haven’t had a bit of problem with their servers or the support.
I have 2 site hosted on Godaddy. Malware injected to both the sites on May 1 and May 12. Yes, if it is a custom built site, Godaddy customer support just says, someone might have got your password. and This is customer’s problem, they can’t help in this matter. Unfortunately they don’t have enough help information how to prevent this. Planning to leave Godaddy.
My site on Godaddy was hacked too. I’m not using WP. It’s only pure PHP coding. In fact few years ago, I turned my HTML pages into PHP only to use few PHP function, mostly the ‘include’ one.
The hack happened also last January. At that time, I thought it was my fault: I turned on “magic_quotes_gpc”. I read also it wasn’t a good idea to include file via http (allow_url_include = On) so I changed that too.
But the hack happened again on may 12th.
Lucky for me: yesterday, I was able to change my ftp pwd and upload an .htaccess file to put offline my site.
But today, I wanted to re-upload my site. Unfortunately, I forget my new ftp pwd, so I changed it again. Then, no more ftp access via filezilla or even with their ‘file manager’. Oh, it says the pwd change can take up to 30 minutes… Why? Anyway, I waited 1 hour before calling their tech support. They told me they were aware there was a problem with the ‘file manager’. Regarding my ftp pwd, they told my to wait until noon PST… in 10 hours for me…
I’m glad my hosting plan is expiring in July.
Thanks for the great analysis. I always recommended my customers to stay away from GoDaddy, although for different reason, now it only solidifies my recommendation.
Scary how easily large installs like this penetrated and then ignored by those who supposed oto help end users protect it.
Fortunately I only use Godaddy as a registrar service but my 2 cents is this anyway: When using a shared server with a 1000 + other web site owners there’s bound to be at least one that has an outdated no security WP installation.
My info (conjecture) is that using that vulnerable site the script was able to get FTP access from the server for all the other domains, then it could startspecifically targeting php based installs ( of which WP is obviously the largest).
To me that would explain the re-infections even after the sites had been thoroughly cleaned by owners clued up enough to do that.
Doesn’t matter how up to date your WP install, or built in security is if a hacker or his script has gained FTP access to your site.
My host (Heart UK) features a FTP lockdown feature that disallows any FTP access unless the site is ‘unlocked’ for a set period of time or IP address and that sounds like it might be an idea other hosts should apply if they don’t already.
So that, and my recently following the 30 security measures for WordPress as espoused in WordPress Defender http://www.blogbriefing.com/wordpress-security/ will, I hope, keep my sites secure. Or pay out for a dedicated server – a bit out of my reach.
@Clive – I am pretty sure that if a server is running some sort of properly configured suexec solution, where each user is prevented from accessing the home directory of another user, then being on a shared host is fine since each virtual host can only access files on their specific directory. I know that HostGator switched to that solution a couple years back, and as far as I can tell, so far they are not one of the ones being affected by this.
Latest post on my site have soft fixes for this, but it’s not all encompassing, just quick for PHP files.
New posting coming soon with more updates and thoughts. Just found this exploit happening on a BlueHost.com hosting account. Reading deeper into what it’s actually doing.
I agree, you need to make sure all image files ARE image files and the only files on the server are YOUR files. This is kind of a nightmare, but the hopefully the power of community (WordPress, PHP, geeks) can overcome.
More to come, great post @Michael) – and though I’m widening the provider that’s fallen prey to this, GoDaddy is still the Walmart of Web Hosting and I avoid them like… well, Walmart.
Same thing happened in Italy to a lot of wordpress site hosted by Aruba (an Italian provider).
They answered the hacking was due to an old version of wordpress.
Same story…
I used to work in hosting at Godaddy. While it is true that the average first tier support knows nothing and is generally useless, I believe that if you get escalated to the correct people or sadly rant enough on twitter, you will find that the engineers and people working directly on the products do care. Unfortunately the company is so large that getting the the correct level of support and filtering the noise is difficult. It was definitely hard to work for a company and see posts like this when you know that the engineers are working hard long hours trying to fix issues and deliver the best product they can. Of course management and corporate aren’t always as supportive.
@sean – I am sure that there are at least some tech staff who are at least somewhat knowledgeable, but here’s the thing… 99.9% of customers would not even think to ask for a ticket to be escalated, period. I was very specific in my wording, and very careful in describing why. To ask a 1st tier tech to please escalate the ticket, be put on hold, and have them go put in the request, and have them come back and tell me that they were not interested in escalating it…?
I am sorry. There is no damn excuse for that.
I hosted with network solutions for many years and, yes, they were very good. But I’m not a rich man. I’ll second your vote for hostgator. They’re on top of things. (Watch out for asmallorange, too: I have acquaintances who’ve had bad experience with both them and godaddy. Grrr. Know thy host. See webhostingtalk dot com for reviews of hosts.)
I completely agree Michael. There is a reason I’m an ex-employee after years of hard work and seemingly little no movement from management for change despite promises, I moved on when a move to management was the only choice for career advancement. There simply isn’t a strong technical development path at Godaddy where good enough is the spoken far too often. I heard Parsons put it best at one of our developer events, Godaddy is the walmart of hosting.
Early into our investigation, Go Daddy noticed a majority of exploited websites were all running WordPress. After feedback from customers, more attacks and more in-depth analysis, we modified our statement to specify the attacks targeted numerous PHP-based applications, which included WordPress.
Go Daddy has taken a number of steps to gather information from our customers and the industry in order to help with this issue. We have 24×7 Security Operations, Network Operations and Abuse, ready to investigate any complaint which sent at any time.
Transparency is a core value at Go Daddy. We intend to continue our commitment to communications. There are times, however, when revealing too much, such as specific code from the attack, helps the criminals causing the problem.
We are aggressively collecting data to see how the attack is maturing and to discover ways we can help prevent our customers from being impacted and shut down ‘the bad guys’ altogether. Go Daddy is the world’s largest hosting provider in the world. As the leader, we are working with industry security experts and other top hosting providers.
As part of our investigation, Go Daddy is encouraging customer input about their related website issues, which is why we set up a special questionnaire http://www.GoDaddy.com/securityissue.
Look for further updates from Go Daddy on this topic, at http://Community.GoDaddy.com/Support.
– Todd Redfoot, Go Daddy Chief Information Security Officer
Hallelujah! Do you realize @Todd Redfoot that this is the first pro-active response that anybody, certainly me!, has seen from GoDaddy on this? And I’m partcipating on a number of threads on this throughout the web.
Without wanting to apportion blame ( let’s sort out the issues first) have you alerted your first tier Support people to take a tad more seriously any support queries coming in to your Support Center raising these issues?
Let’s be frank. The comments here are not a great endorsement of your company’s Support ethos. Sure I understand that you have been wrong-footed on this, support wise, so are you ‘on the ball’ now?
Bearing in mind that the folks here are pretty clued up and your average customer, I suspect,is not how about an ongoing update page somewhere?
I take the point about alerting the hackers to the sanctions that you are putting in place – but that said the, up until now, deafening silence from GD needs to be addressed.
I’ve a idea. Everyone hosting with GoDaddy, get up and leave. Now.
This could be the great month of exodus. A month where everyone collectively leaves Facebook and GoDaddy. It’s a month of healing.