Hosting With GoDaddy? Might Want To Rethink That Decision.

One of the services I offer people is cleaning their WordPress installations of hacks and infections, mostly for those who might not have the time or technical expertise to follow my hacked WordPress cleaning guide. Therefore when something happens that increases the number of people getting hacked, such as when a new exploit is discovered, or a security hole in a large host starts getting exploited (like what happened with Network Solutions last month), I get an increase in the number of people requesting help cleaning things up. This month it started happening with a large number of GoDaddy customers.

When it first started to happen I did some searching around, and noticed that there was some discussion going on about the heightened GoDaddy hacking activity, but at that time everything I read that stated the problem was with GoDaddy customers all had roots pointing back to a single post on a company blog that didn’t offer enough details for me to really see why it was happening there and not other places. Not that WordPress on other hosts weren’t still getting hacked, but there has definitely been a higher concentration of instances on GoDaddy. GoDaddy was definitely aware of the issue, and even replied in some threads on the WordPress.org help forum:

GoDaddy.com did send out a notification to customers affected by this issue. Although I know you would prefer not to be linked, I want to avoid flooding the forum. For a step-by-step guide to update WordPress, please visit http://fwd4.me/NGNAlicia from GoDaddy.com

The link to their “step-by-step guide” to updating WordPress turns out to be nothing more than than a link back to WordPress’ own guide to upgrading, and links on how to back up your stuff on GoDaddy. Decidedly not step-by-step imo, and in this case not all that helpful. If the reason your site gets hacked is due to you running an older, insecure version of WordPress, once that happens simply upgrading will not fix the issue. This seems to me to be a bit of a lame response to a serious issue coming from a company that bills itself as the “World’s largest Hosting Provider”.

GoDaddy keeps insisting that the problem is due to outdated WordPress installations, and that staying up to date and site security is the responsibility of the customer, not of GoDaddy. In one sense I completely agree with them. If you run an older version of WordPress that has known security holes in it (ie. pretty much all versions aside from the most recent) then the odds are that you are going to get hacked. Most of the clients I cleaned from GoDaddy so far were up to date, running version 2.9.2, but this still didn’t mean that it was GoDaddy’s fault, since it is possible for a site to get hacked and no signs show up for months. This means that the sites I was cleaning could potentially have had the hack from an older version, and it only became apparent some time after they upgraded.

The problem is that after doing some very thorough clean up jobs (ie. wipe and reinstall), and making sure the clients were up to date, all passwords changed, all image files verified as actual images, clean WordPress, clean theme, clean plugins, and hand cleaning the database, I had clients still getting re-hacked.

One client I had was having issues with funky characters in his posts. He would make the post, everything would be fine, and then the next day they would be converted in a way that would make them display as unicode. This was well after I had done my cleaning, and no one should have made any changes to the database since then. My assumption was that GoDaddy themselves was making changes, possibly security upgrades related to the recent hacking waves, and I figured that calling them to see what they had done would be the best bet. In preparation for this I went ahead and logged into the client’s account, and ftp’d into the server just to make sure everything looked like it was in place still. As soon as I did I saw that about 30 minutes before a brand new, non-Wordpress, oddly named php file had been dropped into my client’s site.

I downloaded the file and looked at it. I suddenly realized that this was the source file for all of the hacks that were happening. It was named “plan_erich.php”, and had similar eval(base64_decode( instruction at the top of the file. I modified the code to be able to decrypt it safely, and looked through the output (which you can view here). The script was designed to delete itself as soon as it ran:


$z=$_SERVER["SCRIPT_FILENAME"];
@unlink($z);

Finding this script before it was triggered and deleted itself was raw luck. Catching this file gave a great opportunity to actually track down how these hacks are occurring, and possibly would leave clues that GoDaddy could use to keep it from happening again. Looking at the owner/creator of the file, and matching that timestamp up with the various logs (ftp, ssh, http, mysql, etc) could give GoDaddy the information needed to figure out how the file really got there, instead of just guessing that WordPress was the issue. I have never seen a file like this before, and searching Google for the name yielded no results, so there really was no other information out there available on this. Finding it there was a little like hitting the lottery in that respect, random and very, very good luck.

The problem, however, is that GoDaddy didn’t seem to care. I called and explained to the woman I spoke with exactly what it was that I found and how it could be useful. I told her that matching up that file to the logs could yield some potentially valuable information. She did listen carefully, and I am pretty sure she understood what I was saying, because she asked if she could put me on hold to go talk with someone who might know more. She came back and informed me that she didn’t have permission to look at those logs.

I explained again, in a little more detail, why looking at the section of those logs was very important, and if she didn’t have permission could she please escalate the ticket to someone who did. Again, she put me on hold. This time she came back and told me that they were uninterested in escalating it.

At this point I was a teensy bit amazed at GoDaddy’s lack of concern with the issue. She very kindly informed me that the issue was that the client was running an older version of WordPress, and that we needed to upgrade. Wtf? I went and looked, and made sure that he was indeed still running the 2.9.2 version that I had installed over a week ago (and remember, he was running that version before I ever did anything), and he was. I told her that. She told me that no, she was looking at what the hosting control panel said, and that he was running version 2.6.

That was when it struck me… GoDaddy was claiming that this wave of WordPress hacks was due to clients not upgrading without even bothering to really look at the clients sites. The hosting control panel can only report what was installed via the hosting control panel itself. If a client pushes the button to upgrade WordPress from within the WordPress admin section then the hosting control panel will never know.

As amazing as it seems, apparently the entire GoDaddy technical support team is ignorant of this fact. That’s right… the “World’s largest Hosting Provider” doesn’t understand the very basics of how the world’s largest blogging platform works.

Something, probably a hosting configuration, is allowing GoDaddy customers to have their sites hacked, and it isn’t file permissions, insecure passwords, or out of date software. Not being willing to even look when a developer calls to tell you that they found something is completely unacceptable. My suggestion to all GoDaddy hosting customers: bail now, before something happens to your site. This is not a WordPress issue only… although it seems to have targeted WordPress customers first, all sites that use php are at risk. Personally for shared hosting I recommend Hostgator, because I love their tech support (and their servers are very robust), but there are plenty of hosts out there to choose from (Disclosure: I changed the previous link to an affiliate link, although if you’d rather purchase hosting from them without giving me credit that’s fine too, here is a clean link for you: HostGator).

Bob Parsons, I am sorry. Hot chicks and a strong tits and ass marketing campaign do not make up for apathy in matters of client security and well being.

Be Sociable, Share!

168 thoughts on “Hosting With GoDaddy? Might Want To Rethink That Decision.

  1. Our site at Go Daddy has been down for over 10 hours. They had a problem with the server. With today’s technology, no web server should be down more than 15 minutes. After escalating it all the way to the president’s office, they answer was the same “We are working on it”. They could not give me an estimate when it was going to be fixed. How sad is this. They have no idea after 10 hours how long it will take to restore the data. I could have setup several servers and restored the data in this amount of time. Being unable to estimate the time to recover a server and the data just shows they have no clue what they are doing.

  2. Godaddy is crap.
    They should be chased away from hosting business and should be left alone with domain registration services.
    About 10 wordpress sites of ours too got hacked..

    Their support team just copy/paste answers from knowledge-base and they really don’t have any knowledge.

    They were unable to fix simple php.ini thing on my account and keep on saying that our sites are hacked therefore its not working and then they don’t provide scripting support.

    Later on I myself found its not working coz php.ini should be named as php5.ini
    Perhaps Bob Parson has no time to look at the quality of support provided by his company and instead is all time just busy with his girls.

  3. I’ve just found this thread after reading about these hacks and I’m now concerned. While I haven’t been hacked yet, I am new to WordPress and am currently building sites using it, all of them hosted at GoDaddy. All of the sites I’ve built previously have been with ASP.NET or simply .ASP, so I’m very new to PHP code. I have had very little problem with the .ASP sites being hacked (it happened once, but didn’t destroy anything), and I’m wondering if the hack is relevant to the type of hosting (Windows or Linux). I use Windows, only because I built sites in .ASP, and all my WordPress sites are on a Windows server environment with IIS7.

    Are the hacks specific to Linux or can they happen on a Windows server as well?

  4. I use http://www.Cheap-domains.IT and their auto Joomla Installation wizard. Never had an issue and used them for 6 years.

  5. All the hacks on my site were infected PHP files (linux hosting) so I assumed the issue was PHP related, some Javascript calls were installed via PHP but no existing scripts altered and HTML was untouched, on the WordPress site the CSS structure in the admin page just disappeared.
    I have followed a lot of threads on this issue and don’t recall any comments on specific server types (ie Windows vs Linux).
    As a devout Linux user (including personal operating systems) I would like to think Linux is not the issue but maybe it is a hole in Apache Server letting them in or more likely the way Goddady configures and maintains it.
    I am sure it is not the apps that are at fault because the infection on my site went across three different applications, all PHP based, all were current versions and all differed slightly in the way they were secured.
    Whatever the cause of the security breach the real issue for me has been the way Goddady managed it, or didn’t manage it, would be more accurate.
    My only real feed back from them since the last attack has been a quantum leap in the number of promotional emails offering me ( and I guess everyone else) discounts on hosting and domain registration.
    It feels like their solution has been to let those customers who are dissatisfied to just wear it or walk and replace them ASAP by mass advertising.
    I am a realist about the limitations of shared hosting and this second round of attacks has made me look to virtual dedicated servers or cloud hosting for the future; where previously I would have looked to goddady to upgrade, I would no longer consider them for anything but domain registration, given their disgraceful management of this issue.
    Rather than worry about whether Windows or Linux is more secure I would be more worried about who is maintaining the system whatever it is. Goddady have a lot of ground to cover to regain any credibility in server security and customer management.

  6. I love to hear positive contributions about hostgator. This guys are truely helpful. I have my dedictaed server with them and any time a trouble come calling, they are ever there to assist. What is even more amazing is their response to problems. I compare hostgator to non other. I am a host provider but I have always dreamed to reach their level.

  7. I have a WordPress website on GoDaddy and my site has been slow recently and intermittently down a few times the past few days. I did not upgrade to WordPress 3.0 until today. How do I know if I was hacked and how do I fix it?

  8. I recently had a Godaddy hosted WordPress Posts populated with redirecting iFrames. The WordPress files themselves were unaffected, just the database was ‘corrupted’/hacked. After much research I discovered that I certainly wasn’t the only Godaddy hosted site to be affected.
    The thing to takeaway here is that just because a Site runs WordPress doesn’t mean that every hack-attack is because it is a WordPress Site!

  9. Good point, Gary. I think Mullenweg’s crew has done a pretty good job of making the platform safe, but anytime you start tacking a bunch of open-source stuff on, you may be opening up a Pandora’s box of new vulnerabilities. Aside from that, with WordPress’ growth rate, I think it was inevitable that hackers would start to focus on it. The idiots see it as a challenge, I suppose. Any “new gun in town” becomes a target, once they get big enough to attract attention. WordPress is definitely there!

  10. So, what do you do when they are getting maleware on an html site? All of my sites seem to be systematically getting it and I just re-uploaded my waterbeads4plants.com site and it still says I have the maleware. Not sure how to get it off.

  11. @Jenn – your site is in php and has a WordPress blog attached to it, so I am not sure what you mean by “an html site”. You probably have a backdoor somewhere on your site somewhere that you are missing. Do you have more than one site hosted on the same account? I would check those as well if so. Also, please check out my hacked WordPress cleaning guide, it might help you out.

  12. In early July our GoDaddy site(s) were hacked. We are not even a WordPress site. PHP files were added to the site and other files had lines of code added. It took days to get the site cleaned up…we are attacked over and over. GoDaddy insisted to my client that it was our problem and not theirs. I don’t know, but I found the PHP file on our site is well-known malware. I can’t help but wonder why Godaddy doesn’t do a sweep for malware files.

  13. Can anyone help?

    I have been with GoDaddy for years and just had my first hacking. I purchased a new domain on 8/2/2010, and installed WordPress 3.0.1 (can’t get any more updated than that).

    I mmmediately went to work on my new blog. But when I tried to install a plug-in, that’s when I found it had already been hacked. When I click to install a plug-in, I get a window that says, “Are you sure you want to install this plugin?” And when I click yes, Avast gives a virus warning and the blog redirects to http://ns2.wheelerairservice.com/main.php?h=mysite.com . . . .

    I find it hard to believe this is WordPress. It happened too fast. Go Daddy was useless. They sent me a silly email with an overview about how to detect and prevent malware. They said it appears someone hacked into my hosting account and there was nothing more they could do.

    Please help me. Why is the attack only affecting plugins and what can I do to get rid of it? Any suggestions? I want to get moving with my new blog but I am stuck at square one. I have 15 other blogs hosted with Go Daddy & no problem.

    Keep in mind I am not a techie at all. Please dumb down your reply. I beg of anybody. Not too proud at all.

    Thanks.

  14. If it helps anyone else, after finding I had 10 more blogs infected, I called Godaddy and calmly asked, “How much will I be refunded if I were to transfer my hosting?” He immediately asked me why I wanted to transfer after being with Godaddy for so long. I calmly explained why . . . e.g., I told him, “There’s malware on my blogs/server and I’m tired of messing around with it and would prefer to just drop Godaddy and start fresh somewhere else.”

    He then spent 45 minutes on the phone with me and when I hung up, all the malware was removed. Godaddy “does” have the ability to quickly scan for malware AND remove it.

    I don’t know if I will be reinfected. All passwords everywhere were changed and I am safe for the moment.

    I don’t know if I got lucky and got a good guy on the phone or if it’s because of all the money I have paid Godaddy over the years, or both.

    Whatever, I am grateful.

    Good luck to everyone.

  15. Unbelievable that this is still going on, look at the dates on the first comments.
    In any other market sector Godaddy would have been sued within an inch of their life by now.
    I hate to say it again but changing passwords, reinstalling, cleaning files et al, did not stop my domain being reinfected 4 times in as many weeks, basically these attackers can enter Goddady servers at will.
    It just appears to be a matter of luck whether you are hit, while good site housekeeping practice is important, it will not protect you fully.
    The only common denominator on my domain was files written in PHP (not just WordPress).
    I still have a few sites running on Godaddy but will move them as hosting expires and all new project’s are being done in Ruby on Rails (very steep learning curve) and deployed to “cloud” hosting (cheap and nothing is written to disk on the server, ie nowhere to leave a malicious script if they can get in).

  16. @Greg – just so you know, I have seen hacked sites on a cloud setup before, and I have seen entire php scripts embedded into the database as well. You need to make sure you go through your database very carefully when doing a cleaning… it’s why many automated cleaning processes don’t cut it.

    I am not saying that GoDaddy is in fact safe, because I do not know. I am just saying that I have seen some very cleverly hidden back doors in some of the sites I have cleaned. If you want me to take a look at one of your sites after you have cleaned it, see if I might be able to spot something you missed, let me know.

  17. I guess nothing is bullet proof but these guy’s seem to be going for the low fruit and Godaddy seems to be very easy picking.
    Why is PHP targeted so heavily? It gives the impression of being insecure compared to say Java or Ruby.
    Pity because I love WordPress as a platform, if you just want to blog it’s the only way to fly.
    I did not clean my sites, I just destroyed them and started again with new installs, new databases and new 10 character 6 digit passwords, it didn’t help.
    On one install I was actually infected while online putting up the first post (very boring).
    Will keep your offer in mind (thank’s) for the two WordPress sites I still have, which so far have not been touched (they are on Godaddy) but they are pretty low volume sites not in the root folder of the domains they are on, don’t know if that’s relevant but I have lost sites in the root folder while subdomains have escaped infection on other domains.

  18. I am making a very educated guess here……GoDaddy’s e-mail servers are infected which is why for over 2 weeks now they keep getting blocked by Microsoft (MSN & Hotmail)and Yahoo.

    I sent out an e-mail today and got bounce backs from addresses I did not send to and my system is totally clean.

    I called GoDaddy this morning regarding bounce backs of legitimate e-mails sent by my clients to legitimate MSN, Hotmail &Yahoo accounts. They denied they were being blocked again. BS!

    When I got home this evening I checked my e-mail. I had sent an e-mail to one of my contacts at Dell this morning and in my Inbox this evening was a bounce back from GoDaddy with a bunch of e-mail addresses that I obviously had not included in my e-mail. After scanning my computer (just to assure myself that it was not me, which I knew) I called GoDaddy and told them that I believed their mail servers were infected and that explains why they keep getting blocked. I was asked, infected with what?? Oh gee, here we go again….ummm, Malware, a virus, a rootkit, how the heck would I know what the infection is….I am sure they know!!!!!!!!

    Bob Parsons needs to take this seriously. Your customers do not like being lied to nor treated like we have no clue as to what we are talking about.

    After mulling todays events over in my head I called back. I explained to the rep that since I believe their mail servers are infected that I was worried that their hosting servers were infected also. I have clients with online storefronts, etc. The guy got a little nasty tone in his voice and said my e-mail issue had been escalated and blah blah blah I would hear in 1 to 3 days via e-mail as to what might have happened. Mail servers are seperate from hosting. Really, that’s all you have to say….they got your e-mail servers….how can I be sure that they haven’t gotten to your hosting servers????

    I responded that I couldn’t believe that they aren’t taking this seriously….would GoDaddy be honest and say if they are/were infected. He said “They have to tell us”. I responded, Really???? that all I got when I called this morning were lies lies and more lies. He did not like that. Too bad! This is serious stuff boys and girls!

    Oh and I saw a comment from a Network Solutions person in the thread………they lied lied lied about their issues in May also and they lied last week about AT&T blocking them, and they have always lied which is why I switched to godaddy in May and have been moving my clients to them……….damned if you do and damned if you don’t.

    I do agree………..all the hosting providers at some point have issues but the thing is……..BE HONEST. Inform your customers and inform them fast! Apologize profusely especially regarding this issue………..your e-mails are being sent to people you don’t know and you don’t even know it.

    Never, and I mean NEVER send anything via e-mail that has “sensitive” information. If you really need to e-mail “sensitive” information, use encryption!

  19. 9 times out of 10 the ‘mystery’ files are simply uploaded by hackers through FTP. Be sure to change not only your WordPress passwords, but every FTP account and database password. Malware infections in webmaster’s own PC’s (some even caused by a previous WP hack) are a huge source of leaked FTP logins.

  20. I also have two scripts on my WP file which doesn’t sound like it belong there. One is bill_knows.php while the other is shannen_auria.php. Do you think these are hacks too? I’m with GoDaddy too.

    Thanks!

  21. Wow, that’s a quick reply michael. thanks!

    i actually am transferring to hostgator (yeah, i read your how to completely clean hacked site guide – and followed you). I’m just wondering if you have another how to guide for that because the ones you have in your guide was in the same server/host.

    I’d like to start clean. Would the following steps suffice because these are what I intend to do:
    1) back-up WP file from GD
    2) download back-up file on my PC
    3) import all posts/comments/etc using WP importer
    3) create an add-on domain at HG
    4) set-up wordpress via fantastico at HG
    5) change DNS settings at GD to point to HG

    I’m stucked here. I’m not sure if it’s the right move because propagation may take hours before I can access the sites and upload my imported posts/comments/etc. at HG.

    Do you think I’m at the right track? Or do you have an article about this that I missed?

    Thanks!

  22. People, the hacks on Godaddy might have nothing to do with the files on your webserver, let alone with WordPress. The security on their shared servers themselves is nonexistant. I was able to access about 40 different godaddy joomla and wordpress config files today and view database passwords and everything. Good thing I’m not a hacker

  23. Last night I was surfing Google Images looking at MRI slides. I forgot to turn my protection back on from something previously and mindlessly clicked a photo to read further info on a brain scan. Suddenly I found my browser locked up as the website launched Java.

    So I killed it all from Task Manager and spent the next few hours removing all the Trojan installers and resulting worms (it’s a new virus first reported weeks ago.)

    The last thing I did was kill the internet, then restart the browser in recovery mode to get the offending domain name. After a WHOIS I found it was reg’d at GoDaddy.

    I called them, and the tech could not care any less–he did a whole lot of talking and apologizing after everything I said, not actually listening to my points and questions.

    So I reported the domain as using fake WHOIS info to the proper link. I spent about 4 incident ticket exchanges with them, repeating myself and them repeating the canned “Please reply with the returned email” and “Please reply with a copy of the returned postal letter.”

    I finally got fed up and said to reply to me like a real human being. The last email I got was finally a bit more personal, thanking me for bringing it to their attention and they will contact the malware guy to ask him to update his WHOIS.

    They didn’t care one bit about the MALWARE and the 50 other domains the fake registrant (obvious fake name) registered the same day on Dec 18 that I told them about.

    UNBELIEVABLE

  24. I had no idea GoDaddy works like that untill now. I got an email from customer support saying that i have to remove some files from my server. They have specified the names of my files (nothing offensive, I had a few personal photos there). It means that GoDaddy clearly looked through my data on my server. They didn’t warn me politely, they went through my data and browse there. There is clearly no privacy with GoDaddy, you can’t trust this provider.

    btw I saw some php scripts that don’t belong on my server as well.

  25. I too found two strangely named php files in the root of my GoDaddy hosted WordPress site, with names quite similar to what you mention. However, it appears that (luckily for me) the files did not actually execute, so I did not have much cleaning up to do. The files were date mid-November.

    As far as GoDaddy hosting goes, I’ve been having absolutely terrible experience. My site goes offline every day for a minute or two, here and there almost every hour. I thought that perhaps moving from the shared account to the “deluxe grid” would alleviate the problem, but it seems that the only thing the upgrade accomplished was moving more money from my wallet to GoDaddy’s account. Customer service has been completely unhelpful, as they claim that everything works fine when they check the site.

  26. Thanks for the article. I get the same vibe from GoDaddy. Is GoDaddy so big they don’t care anymore? They probably think they can just ignore the small customers. I’ve had similar apathetic responses in regard to emails. I recently had one case dealing with a simple .htaccess configuration. For once they came through after a couple of phone calls read my rant here: http://primografix.com/godaddy-rant.html Thanks for getting the word out about GoDaddy!

  27. GoDaddy is horrible. They should just turn it into a nude site because all I ever see are these hot girls on the home page. However, their actual services in web hosting suck.

  28. I once again have to confirm that GD hosting is not as expected. I had few of my sites hosted with them when i started online business and they gave me real hard headaches!

  29. The GoDaddy and WordPress combo are an absolute nightmare. I had a client with 2 domains and 1 hosting account and it’s been a day long adventure just trying to separate the installations. In the time it’s taken me to try and use WordPress with GoDaddy, I could have had 10 sites up and running… GoDaddy’s customer service was at least reachable on the phone but in the end, no help at all. Updating to a new host as we speak.

  30. Godaddy.com recently reassigned (or what they call ‘migrated’) my website to a new server to “provide [me] with increased performance and reliability”. Instead of copying my files over onto the new server and waiting for the modified DNS to fully propagate before removing the files from the old server, they simply ‘migrate’/move them. This process has caused my website to be down for 1-2 days.

    I called godaddy.com support and explained to their support person how they could manage this process better to avoid impacting my website but unfortunately they don’t either seem to understand or care (probably both). If they cared so much about the performance of my website, they have a funny way of showing it since it is now down.

    If you are considering godaddy.com for hosting, you should think again….

  31. I just recently hosted a new site with GoDaddy and it’s already been hacked twice in the past few weeks. I changed all of my passwords, deleted all of my files, and coded out an entire new site without using wordpress, but it was still hacked a second time within days. My other sites (NOT hosted with GoDaddy) have NEVER had this problem, and I’ve had them for years.

    GoDaddy gave me the “we’re not responsible for cleaning your site and keeping it protected” and it seems like they just want me to buy more options or something. I am definitely pissed.

  32. After subscribing to these postings for several months and having approximately 50+ sites being hosted on GoDaddy for my clients (on both Linux and Windows servers), I wonder how many people who have responded saying they’ve been hacked are using a database-backed web site and have NOT added SQL injection protection? I have one site alone that is attacked 10+ times per day, EVERY DAY of the year with SQL injection attacks and I’ve been able to hold off every attacker.

  33. I came over here through Donna Fontenot’s recommendation to see what you had to say about GoDaddy.

    I am currently with Hostgator and keep having problems with them.

    I keep getting this email from them:

    “We have noticed a large amount of comment notification emails originating from your account regarding spam comments that are being posted to your blog. This indicates that your blog is being abused by spammers and resulting in a large number of emails being sent from your account. Abuse in this manner can lead to several issues including an
    increased consumption of CPU cycles and increased chance of spam complaints. In order to stop the large influx of spam notifications, we have changed two settings in your WordPress administartor dashboard. Under SETTINGS->DISCUSSION , we unchecked the box that says “E-mail me whenever Anyone posts a comment” and checked the box “Users must be registered and logged in to comment”.

    Can you believe it? They keep going into my account and changing my settings!

    I am at a loss as to what I can do at this point with them…

    Ana

  34. Ana, ok, I have never, ever heard of any host doing that. My gut instinct would be to raise hell, but of course it sucks if they shut you off for overusage too (which is something they do have the right to do). It’s hard to say which I would rather have them do.

    By the way, are you getting hammered by spammers? I have a couple of quick fixes that I had to put in place in order to keep them spammers bringing down this site a few years ago I can share, if you need.

  35. Michael:

    I noticed that whenever someone posts a comment, including me, the following script is added to the email address:

    /* */

    I believe it’s the source of my problems. Have you seen it before; any idea how to deal with it?

    Thanks a million!

    Ana

  36. Make sure any applications you have on your hosting account are up to date on the latest version. That is the way they hack you most times by looking for vulnerabilities on your code. Maybe an application you installed and forgot about.

  37. I have 3 self hosted wordpress blogs hosted on two domains – 1 with wordpressed blog 1and1 , second with godaddy techblog whitershade
    Third open blog.
    There are vast differences between the hosting quality of the two.
    Whereas I have little problem with 1and1 (run on php5), godaddy keeps on frustrating me endlessly :
    – Numerous instances where W3 cache does not work
    – anytime a plugin is for update, you need to install it manually via ftp, sometimes twice.
    – (with 1and1 the same plugin works via autoupdate, php settings on 755 on both)
    – godaddy keeps on spamming my email with ‘offers’ endlessly, needless to say, I will not
    heed to their luring tactics.
    – overall, 1and1 is the better option, essentially I find it working better bandwidth, hassle free,
    ever since they changed their php servers 1and1 is the better option, without doubt.
    – I will transfer my domain once the contract will end.
    Bye godaddy, your cute chick on the front page can’t entice me any longer.

    Godaddy is a drag money making machine that has not much to offer except endless ‘special deals’ .

    < wordpressed Nice blog

  38. I just want to start by saying I am not a knowledgeable technical web guru, just a basic user who coordinates & handles the websites for our small company.

    I started searching Google for answers because GoDaddy will not give us ANY help. When I came across this info it was all very enlightening! You all help the little unknowledgeable people like me greatly!

    Our problem is that we bought VDS space from GD to host our Magento based store. We also have another PHP web site for our sister company as well (catalog database only, not a store), which is very outdated programming but runs just fine.

    Someone from the office noticed that the Magento store will only load the landing page, but when you try to enter the store it is a plain while blank screen. No info, no error, just nothing. Every page is the same, even the admin area once logged in. After 3 phone calls to GD, 3 ticket submissions (which they claim they never got), NO answers from GD and 48 hours of consecutive headaches I spoke to our site programmer who suggested we take a look the /var/report folder, the /var/log folder and also the Apache logs. He thinks that we may have been hacked! OK…there’s no proof yet.

    I also think I know the date, because when I was logged into the server admin, I was able to view the bandwidth usage. Funny that up until August 4th we had normal traffic and from August 5th on…NOTHING! No activity…

    Did I mention that I HATE the fact that GD has no VDS phone support unless you pay $169.00 p/month to have special server assistance, so my only option now is Live Chat…YAY! I am waiting to hear back from their “Expert Hands” team on what they think the problem is…Live Chat guy left me with this: “Our support ensures that the server is operational. I have confirmed that your server is responding to ping and that the control panel loads without issue.”

    I have decided to move our hosting, domains, email and ALL our services to another company ASAP. Too bad for Danica Patrick…her boobs couldn’t keep us around, I’m more for the intellectual type, like the kind that can offer proper customer service, and fix the problems that their customers had nothing to do with!

    Sorry for ranting…but I feel a little better now.

  39. GoDaddy’s is the worst ever customer support I encountered. Their email plans cost me money, cost me my reputation and ruined my business. I curse GoDaddy and wish they’d all die – honestly, they were that horrible!!!

  40. Am cut/paste ‘ing summary of my frustration with GoDaddy
    __________________
    is there anyone who can address the problem. 36hrs X 3 times previously and more than 8hrs down time already on this occurrance. All this in less than 30 days … and my anger is in ” in violation of your Community Terms of Service.”
    Is there a response mechanism!!!
    – Hide quoted text –

    On Sun, Oct 2, 2011 at 8:25 PM, wrote:

    24/7 Sales & Support: (480) 505-8877 – 24/7 Billing Support: (480) 505-8855

    Our support staff has responded to your request, details of which are described below:

    Discussion Notes
    Support Staff Response
    Dear Valued Customer,

    Your Community post was deleted because it was in violation of our Community Terms of Service.

    Your post:
    @timb The whole response thing seems to be a joke @godaddy!! You guys have a limited vocab and repeat yourselves on every post with blah! blah!….. The customer spends a lot of time (10 times your support teams contribution on problem resolution) on providing details of the issue and your support starts with denial of the existence of any issue whatsoever… forcing the customer to spend more time to defend his case of the issues existence. Then your support team acknowledges the issue and express inability to confirm an eta and the mail ends with something like… please let us know if we can help you with anything else… finally you never come back with a resolution confirmation and the cycle repeats ad infinitum. I should know… coz i am on the receiving end.

    Please feel free to rewrite your post to comply with our content guidelines and resubmit it. We value your feedback and comments and thank you for your continued participation in Go Daddy Community.

    Regards,
    Go Daddy Community

  41. GoDaddy Sucks!!! : Update on my earlier post above

    28 hrs and a promise of “has been relayed to our Advanced Technical Support Team. Our most skilled technicians will be working to resolve your issue quickly and completely. You will be notified promptly upon resolution.” 17 hrs ago and the problem is where its was. Please help!!!!

Leave a Comment

*