

GoDaddy apparently uninterested in fixing their security hole - mvandemar
http://smackdown.blogsblogsblogs.com/2010/05/13/hosting-with-godaddy-might-want-to-rethink-that-decision/

======
ihumanable
tl;dr Sucks to get hacked, GoDaddy is about to lose a customer.

I got hit this morning with the exact exploit mentioned here, I was able to
clean out the codebase and get a half-working site back up just so I could
close it out properly. I felt awful, I was keeping everything up to date,
following security best practices, I couldn't figure out what had went wrong.
This article is making me completely rethink GoDaddy as a host, namecheap will
probably be getting my business pretty soon.

What's even more disheartening is that until this point I have never really
had a reason to dig into the WordPress code, when I did I found ridiculous
"easter eggs" that to my well trained PHP eyes looked like malicious code. It
wasn't until I verified that it was release code and was meant to look that
way did I realize it wasn't part of the exploit. Take a look at wp-
admin/revisions-js.php and tell me it doesn't look like some dirty exploit is
hiding in there.

~~~
andfarm
I think you mean js/revisions-js.php. I'm pretty sure what dvortr() is
supposed to do there... it is pretty suspicious-looking, though!

------
bcl
And for more reasons not to use GoDaddy - <http://nodaddy.com>

I moved all of my domains (60+) from them to namecheap after they killed off
Fydoor's seclists.org domain without any warning.

Before that I had sampled their virtual domain hosting accounts, and
unfailingly found their tech support to be clueless.

~~~
Locke1689
I'd like to throw in my hat for <http://dyndns.com>. I've been a paying
customer for about 5 years and have never had any significant problems. Their
customer service is also quite good, in my experience.

------
schindyguy
Another wordpress blog hosted on godaddy that got hacked. Luckily, I caught it
when it started redirecting and was able to restore the hosting account to a
week prior. Coincidently I was moving my hosting over to media temple that
weekend and fortunately didn't move the virus over.

After the headache that godaddya vulnerability caused, they sent me the exact
same bullshit about updating wordpress. I have and always have updated
wordpress and plugins within days of a new release.

Godaddy is for registering domains only, I learned that the hard way last
weekend...

Also, I was in contact with a couple of people making money off of the base64
vulnerability: they have packages specifically for cleaning and securing the
install. What's funny is that they have no way of securing it, just
temporarily cleaning it until it gets hacked again. The article has some
advice and you check out their services:

[http://www.wpsecuritylock.com/cechriecom-com-script-
wordpres...](http://www.wpsecuritylock.com/cechriecom-com-script-wordpress-
hacked-on-godaddy-case-study/)

------
johnkary
So you found the exploit code, nice work. But you can't actually say how it
got there? Prove it's not a WordPress 0day vulnerability allowing the file to
be created.

I understand your frustration with being stonewalled by GoDaddy support, but
look at it from their end. Unless you can prove it's a vulnerability in their
service, why should they take action?

~~~
mvandemar
In order for it to be a Wordpress vulnerability there would need to be a
corresponding entry in the http logs showing the request, either a GET or a
POST, hitting whichever exploitable file it was within Wordpress itself. There
is no such server request.

This is something that they could have seen in about 2 minutes of opening the
http file and visually scanning the few hundred requests prior to the file in
question being created.

Why should they take action? Really? Your replying as if "taking action" means
something more than not ignoring potentially actionable information.

Btw... they do not make any of the other logs available to their tech support,
let alone their customers. They should look into it because only they _can_
look into it. To suggest that they were in the right in not at least checking
it out seems an odd stance to take, tbh.

------
mey
The issue is effecting WordPress sites, unclear if anything else. I assume not
DNS.

Who uses GoDaddy for anything besides DNS?

~~~
mvandemar
Way more people than I would have thought, actually. They really upsell their
hosting and other addons when you buy a domain, even if you are an existing
customer. Unfortunately this results in a large number of non-technically
oriented people as their clients, who wind up needing the most help when
things go wrong.

------
pierrefar
This seems to be a trend with GoDaddy:
<http://blogsearch.google.com/blogsearch?q=godaddy+hack>

------
TallGuyShort
I'm constantly disappointed in how GoDaddy's treatment of customers has gone
down. It used to be really good, but now it's all marketing ploys, sending
customers in mazes until they give up, and nickel-and-diming every purchase.

------
CoachRufus87
this is exactly why I switched to namecheap not long ago

------
known
I think they lack competencies to fix the bug.

