GoDaddy Hosting Compromised

If you have sites hosted with GoDaddy you should probably check on them. There are numerous reports of GoDaddy sites being attacked with malicious code injected in the sites. At first it appeared to be a WordPress vulnerability, but Joomla and other sites are also being attacked. You can read first-hand accounts at NamePros and at the WordPress.org forum. Please note that this does not affect you unless you use their hosting services. Domains registered at GoDaddy are still safe if you are pointing the domains elsewhere, such as a parking company.

A poster at WordPress.org posted the following “official” response from GoDaddy (although I was unable to find this on their site):

Timeline of Events:

April 7: Database injections are identified on our WordPress hosted accounts.

Actions: websites are scanned and cleaned and steps are commenced to contain the issue.

April 16: Additional malicious code appears on customers’ website files.

Actions: operations team continues to run scans that identify code and clean customer websites.

April: 18-24: The criminals dynamically inject code on customers’ websites and change signatures each time. The criminals add viruses and/or malware to customers’ sites.

Actions: security and network experts work to contain the infections and prevent additional issues.

April 25-present: Security and network teams confirm that security measures continue to contain the malicious code.

Ongoing: We continue to monitor and implement additional measures as needed to protect our customers. Customers who have not logged in to their sites for at least three weeks are now reporting infections and are being escalated to technical services. The security team confirmed that these are not new cases of infections.

Share this:

Like this:

Related

Leave a Reply Cancel reply