GoDaddy out of control - Sites hacked again (opens in new tab)

(blog.sucuri.net)

32 pointsfseek16y ago17 comments

17 comments

17 comments · 8 top-level

sucuri216y ago· 4 in thread

These attacks are being done by the same group. In the last few weeks, they used:

http :// www.indesignstudioinfo. com http :// zettapetta. com http :// holasionweb. com http :// www. losotrana. com

All of them registered by the same person (and hosted at the same IP). I had my share of problems with GoDaddy, but let's not forget that they are victims as well.

mvandemar16y ago

And it would be almost kind of ok if they actually said, hey, we're victims here too... instead of their actual ongoing response to their customers of "it's not our problem".

Yes, publicly they are making some (very limited) concessions that this is an issue they need to deal with, but I am still hearing about customers getting 0 help from GoDaddy's support. Even when they did admit to the problem not being the customer's faults they tried watering it down with "well, look... it's not just us. Other hosts got hit too".

The other hosts, however, aren't laying claim to being the "world's largest hosting provider", nor are they spending millions on the next Super Bowl commercial that might better be spent on, oh, I don't know... maybe fixing the problem...?

wdewind16y ago

Once, sure they are victims.

After 3 times, plus all the other security issues that have been raised about godaddy, this is incompetence, not victimhood.

kevingadd16y ago

I would suggest changing those so they aren't active hyperlinks.

sucuri216y ago

Good idea, fixed.

kristofferR16y ago· 4 in thread

It common knowledge that shared servers at GoDaddy never have been anything better than average, but a lot of people think that GoDaddy still is the place to go for domains. Trust me, there are a lot of better options out there.

I really like http://www.internet.bs

Their domains are the among the cheapest on the internet (7.15$ with free privacy settings, Godaddy would take over 20$ for the same offer), they have great support, a great API, and a simple (although ugly) website/domain registration process. GoDaddy on the other hand, has a completely bloated UI designed into tricking you into buying a lot of junk that you don't need.

sireat16y ago

Thing is, GoDaddy domains are similarly cheap if you use the widely available coupons. My last renewals were around $7. I am pretty sure no one is disputing bloat on GoDaddy UI... even Bob Parsons.

That said, Namecheap is another good registrar, which I have had occasion to use.

tdupree16y ago

It seems just about any choice is better than godaddy. I have found 1and1 to be pretty decent. Private registration, decent control panel, and around $7 as well.

e4016y ago

I'll second namecheap. I've used them for years and really like them.

docgnome16y ago

I've been seriously considering moving my domain from GoDaddy. For me though price isn't really an issue. In fact, because I have a .me domain it will end up being about 20 bucks a year no mater where I go.

oscardelben16y ago· 1 in thread

I'm not surprised. I use godaddy for hosting domain names but their interface seems really complex. This makes me think that they have an even more complex infrastructure with possibly many holes. It's also possible that they don't have yet fixed the issue because of internal bureaucracy.

eli16y ago

http://twitter.com/hotdogsladies/status/1553046234

fseekOP16y ago

I am definitely moving away from GoDaddy. I had some small sites on their shared servers that just got hacked again..

If you are not following, this is the 3rd mass hack at godaddy in just a few weeks:

http://smackdown.blogsblogsblogs.com/2010/05/13/hosting-with... http://blog.sucuri.net/2010/05/found-code-used-to-inject-mal...

vegashacker16y ago

Headline should be edited to "GoDaddy sites hacked again."

eli16y ago

Is it possible that some group is just targeting GoDaddy-hosted blogs for attack, or is it definitely a failure in their shared server security?

sireat16y ago

I had a friend who was hosting at a relatively small ISP who got attacked similarly. Luckily, those attackers were very clumsy and broke HTML in process (didnt close tags properly), making detection very easy.

I was researching a bit on how these attacks are done, but still not sure on details.

Someone gains root on host machine and then gets to the individual instances?

drivebyacct16y ago

The fact that HN users use GoDaddy for hosting is... well let's just say it challenged some of my lofty assumptions about the intelligence of HN users.

j / k navigate · click thread line to collapse

17 comments

17 comments · 8 top-level

sucuri216y ago· 4 in thread

These attacks are being done by the same group. In the last few weeks, they used:

http :// www.indesignstudioinfo. com http :// zettapetta. com http :// holasionweb. com http :// www. losotrana. com

All of them registered by the same person (and hosted at the same IP). I had my share of problems with GoDaddy, but let's not forget that they are victims as well.

mvandemar16y ago

And it would be almost kind of ok if they actually said, hey, we're victims here too... instead of their actual ongoing response to their customers of "it's not our problem".

wdewind16y ago

Once, sure they are victims.

After 3 times, plus all the other security issues that have been raised about godaddy, this is incompetence, not victimhood.

kevingadd16y ago

I would suggest changing those so they aren't active hyperlinks.

sucuri216y ago

Good idea, fixed.

kristofferR16y ago· 4 in thread

I really like http://www.internet.bs

sireat16y ago

Thing is, GoDaddy domains are similarly cheap if you use the widely available coupons. My last renewals were around $7. I am pretty sure no one is disputing bloat on GoDaddy UI... even Bob Parsons.

That said, Namecheap is another good registrar, which I have had occasion to use.

tdupree16y ago

It seems just about any choice is better than godaddy. I have found 1and1 to be pretty decent. Private registration, decent control panel, and around $7 as well.

e4016y ago

I'll second namecheap. I've used them for years and really like them.

docgnome16y ago

oscardelben16y ago· 1 in thread

eli16y ago

http://twitter.com/hotdogsladies/status/1553046234

fseekOP16y ago

I am definitely moving away from GoDaddy. I had some small sites on their shared servers that just got hacked again..

If you are not following, this is the 3rd mass hack at godaddy in just a few weeks:

http://smackdown.blogsblogsblogs.com/2010/05/13/hosting-with... http://blog.sucuri.net/2010/05/found-code-used-to-inject-mal...

vegashacker16y ago

Headline should be edited to "GoDaddy sites hacked again."

eli16y ago

Is it possible that some group is just targeting GoDaddy-hosted blogs for attack, or is it definitely a failure in their shared server security?

sireat16y ago

I was researching a bit on how these attacks are done, but still not sure on details.

Someone gains root on host machine and then gets to the individual instances?

drivebyacct16y ago

The fact that HN users use GoDaddy for hosting is... well let's just say it challenged some of my lofty assumptions about the intelligence of HN users.

j / k navigate · click thread line to collapse