

GoDaddy shared servers compromised – .htaccess redirection to sokoloperkovuskeci - sucuri2
http://blog.sucuri.net/2011/09/godaddy-shared-servers-compromised-htaccess-redirection-to-sokoloperkovuskeci-com.html

======
RandallBrown
I've been getting a ton of people signing up for my GoDaddy hosted WordPress
blog the last couple of days. All the email addresses were things like
adfa@gmail.com.

Usually I get 2 or 3 signups a month. The last 2 days I've gotten 10 to 15 a
day.

I've kept my WordPress install up to date though and I don't appear to be
compromised. I wonder if that was part of the attack.

~~~
bobbywilson0
This was probably not part of the attack. The attack simply redirects incoming
requests to another site. If your site was affected, you wouldn't have had any
sign ups because your site would have been redirecting to the bogus site
before it even reaches your page.

~~~
RandallBrown
I was thinking more of something like someone was attempting to exploit a
vulnerability in the signup form.

~~~
alnayyir
I just saw this exact conversation a month ago.

Serious Deja Vu.

------
sev
Someone commented on the posted article that the compromise seems to be from
GoDaddy itself. What I'm thinking is someone used a vulnerable third-party
script hosted on a shared server, then somehow got root or escalated
privileges and compromised all or most of the sites hosted on the shared
server. If the issue was GoDaddy itself being hacked, I would assume it would
affect all servers, not just the shared one(s).

~~~
soult
If somebody managed to compromise other customers' accounts via one shared
hosting account, even if it is limited to a single server, then I would
consider this as GoDaddy being hacked.

------
dibarra
Does GoDaddy use Fantastico? I know we recently patched our servers for
<http://www.1337day.com/exploits/16512>

Not sure if GoDaddy did (or needs to) do the same.

~~~
libraryatnight
I don't think so; they use their own system branded the "hosting connection."
It could just be Fantastico with their own skin thrown on, I suppose, but it
looks like their own thing to me.

------
drivebyacct2
Good thing we have these stories once a week to remind us not to use GoDaddy.
Maybe people will start listening.

~~~
AzAngel
I thought GoDaddy commercials were enough to make people not want to use
GoDaddy.

