June 26, 2017

An Attack on GoDaddy’s Web Servers

Filed under: Main — admin @ 12:01 am

I host Wambooli, as well as my other websites, on GoDaddy. I’ve been doing so for years, ever since my old and despised web hosting provider was consumed by GoDaddy around the turn of the century. I know that many web developers don’t like GoDaddy, but I’ve tolerated them. Until now.

Web hosting is a step in the process of getting a web page up and running — if you want to be professional about things. Otherwise, you can use a hosting service that cobbles together a site for you, along with their own advertising. I prefer to go pro.

First comes registering the domain name. I own plenty of domain names, but not everyone is associated with a website. To link a domain name to a website, you must park the site somewhere. So, second, you pay for a web hosting account. Then you link the domain name to the hosting account and Internet magic does the rest.

For my two main sites, and, both the domain and hosting are provided by GoDaddy. Another domain I own is registered through GoDaddy, but the website is parked on a Google Sites server.

Beyond paying the registration and hosting fees (which aren’t cheap), I pretty much leave GoDaddy alone. I access the sites via FTP and manage the content through Adobe’s Dreamweaver application or directly through software I’ve written.

Then came a warning from GoDaddy: One of my sites had malware!

I freaked out, which is to be expected. A quick look at the site’s files showed a clutch of unknowns. I quickly removed them and re-uploaded the entire site. I also changed the site’s password. Then I checked my other sites.

Sure enough, another site showed signs of a hack. I removed the malware, re-uploaded the site, and changed the password.

That’s when I suspected that the problem wasn’t with my sites, which are pretty secure, but with GoDaddy. After all, two separate site hacks seems kind of odd. Both sites have different and highly-secure passwords. So I did a quick search and discovered that the weakness lies in GoDaddy’s own servers, which are full of holes aggressively probed by the Bad Guys.

Here’s the kicker: For an extra fee, you can upgrade your site’s security so that the attacks don’t happen. Yes, pay GoDaddy extra money and they’ll plug the holes GoDaddy knows about and refuses to fix.

What’s worse is that I discovered this problem freshly after I paid for another year of hosting. Had I known before, I would have switched hosting to another service, one that bothers to patch the holes in its servers so that hosted sites aren’t attacked.

This is my final year with GoDaddy web hosting. I’ve had a good run and few complains. If they fix the problem, then I’ll stick around, but I doubt that will happen.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Copyright © 2019 Quantum Particle Bottling Co.
Powered by WordPress