I'll never use GoDaddy. They've been fronting their customers for literally decades. A few times I searched for a domain, the next day I searched for it and found it already reserved by them and on sale for hundreds of dollars instead of the regular $10 it was the day before. They've been abusing their power for as long as they've been in business.
> A few times I searched for a domain, the next day I searched for it and found it already reserved by them and on sale for hundreds of dollars instead of the regular $10 it was the day before.
I don't understand how that could possibly be profitable. Imagine how many searches there must be for new domains every day. There is no way they could afford to buy all of the domains that people searched for.
And if they had any means of measuring how "good" a domain name is, in order to filter the searches that people make, and front run only the ones looking for good domain names – I don't think that would make sense either. If you were able to reliably measure how good a domain name was you could just buy the domain name right away without waiting for any customers to search for the domain.
Anyway, for anyone that is looking for a registrar to use I recommend that you stay away from GoDaddy. Register your domains with Gandi.net, they are nice and good. https://www.gandi.net/en-GB
> A few times I searched for a domain, the next day I searched for it and found it already reserved by them and on sale for hundreds of dollars instead of the regular $10 it was the day before.
I can confirm this experience, on 2 occasions when I looked up a very specific (and definitely not common) domain, they were suddenly reserved by GoDaddy and sold for a premium price. Not hundreds, but like 50-150 instead of 12.
I can't prove it, of course, but after hearing about those problems with GoDaddy multiple times it just seems too convenient for them to be a coincidence.
One other explanation (though I am fairly certain GoDaddy was fronting you) is that if they include any third-party ping/script etc., and that script/ping gets the referrer or the URL of the page, some malicious 3p could also do this...
> A GoDaddy spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today
This is just a sign of GoDaddy's complacency. I use GoDaddy for domain registrations only. Yet I had my account taken over with a SIM card attack/swap and they spent so long fixing the issue that domains were transferred without locking.
Web hosting, particularly 'shared' hosting, is extremely prone to regular banal attacks and requires extreme constant attention. Less tech-savvy customers would choose it for the very reason that they know the GoDaddy name; they're expecting them to look after the tech work.
A multi-year breach is an incredible display of incompetence and neglect. I have no idea what the security/monitor team are doing there but someone definitely dropped the ball, especially given the fact they admit that the 2020 break was related. It should have been an open and shut case from there.
When I first set up my company's website it was hosted at GoDaddy. Totally static site. It got 'hacked' one day, with new php files and redirecting users to some nonsense. This was August 2016. The ftp server had a very long, random password. I changed it again after this.
It happened *again* March 2017, though different files were added. After this I moved my site to Digital Ocean.
I never found out how this happened.
Does anyone know how long this has been going on? The article didn't give a definitive start date.
One of my relatives had a similar thing happen a few years ago, though not at GoDaddy.
In this particular case, they had "shared hosting" and it turned out the permissions on their particular directory were somehow left writeable by "other". In the *nix filesystem sense.
eg any other customer/user/etc on the server was able to overwrite the files. Which someone had done at some point.
Was easy to fix at the time (eg fix the permissions), but I have no idea if it occurred again over time.
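A docroot audit for the two failure modes described in the posts above (PHP files appearing in a static site, and a directory left writable by "other"), added here as an example and not code from any commenter; the function names and the list of script extensions are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the extension list
# are assumptions; pass the site's document root as the first argument.

# Paths under the docroot that "other" may write to (mode bit 0002).
# Symlinks are skipped because their own mode bits carry no meaning.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Server-side scripts that have no business in a purely static site.
unexpected_scripts() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' \
        -o -iname '*.phar' \) -print
}

# Report both kinds of finding; return 1 if either list is non-empty.
audit_docroot() {
    rc=0
    ww=$(world_writable "$1")
    if [ -n "$ww" ]; then
        printf 'writable by other:\n%s\n' "$ww"
        rc=1
    fi
    sc=$(unexpected_scripts "$1")
    if [ -n "$sc" ]; then
        printf 'scripts in static site:\n%s\n' "$sc"
        rc=1
    fi
    return "$rc"
}

# Clear only the "other" write bit, leaving owner and group bits untouched.
fix_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

Unexpected scripts are only reported, never deleted, so they stay available for working out how they got there.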
There seem to be three incidents and all after 2020.
But FTP - unless GoDaddy enforced TLS connections on that, which back in 2016 they probably did not because it would have been a support burden - this could easily have been password sniffed.
Long long ago, I needed a new website hosted and with no other decision towards the host than I had never tried GoDaddy, I gave it a shot. Within hours, I regretted the decision immensely. In comparison to my previous hosting experiences, it just pissed me off at almost every turn. It was the first time I experienced a company trying to make the interface for non-techy types and made getting to the guts of the tech hidden behind many layers that just frustrated me to no end. I canceled my account and have never looked back.
It is just another one of the examples of a company that advertises that intensely is probably a company I don't really want to be involved with.
For me, this company was Network Solutions. Never have I ever dealt with a thing so bizarre. They even uppercased my email address when communicating with me.
I tried it once as well, maybe ten years ago. The annoying thing not yet mentioned is that it tries to upsell you at every step. You quickly realize that steps have been added for additional upsell opportunities.
Then the "elephant shooter" drama happened and I moved to namecheap and didn't look back. Was a breath of fresh air in comparison.
I didn't see a way to delete my gd account, so think it is still there. Hope my data didn't get out again. :doh:
It's sad because I used to remember a long LONG time ago they exposed a bunch of things that other registrars required you to email or call support to do. That stuff is still there, but otherwise the whole site just feels slimy.
Law enforcement (to GoDaddy): "well it went on for years from what we can tell. Whoever did this is more sophisticated than a bunch of impulsive teenagers 'joyriding'".
GoDaddy PR (to world): The attackers were sophisticated, the cops said so!
What a disgrace of a platform. I'd understand dropping a c99 on a cPanel back in early 2000s but these days? What are the engineers doing at the company, collecting a paycheck and pretending to do work?
Speaks volumes for the culture being cultivated at GoDaddy.
I agree that this is bad but I'd encourage you to rethink your comment. The "clown engineers" you are calling out maintain a level of uptime and scale that's hard for most people to imagine. You don't do that by being an idiot.
Instead of calling them names and assuming bad intent, maybe take a second to think about how much it must suck for them right now. I'm sure it's all hands on deck nights/weekends to fix. No one sets out to do a bad job in my experience.
There isn't enough info for how the compromise happened and it may not be related to cPanel at all. What I find interesting is in 2017 GoDaddy bought Sucuri which monitors and cleans up malware, not sure if they still own it - but combining Sucuri and shared hosting makes the most sense. Most of these cPanel hosts (excluding GoDaddy) are using products like CloudLinux+Imunify360 to better secure sites, clean up malware automatically. GoDaddy is already outsourcing their cPanel control panel, it would only make sense to do what others in their space are doing and automatically be adding security products to their sites. Like - a c99 shell - would never make it on an Imunify360 server, it would be immediately detected and disabled.
I feel like a lot of these older platforms are being shown to be as rickety as they actually are, as malware and hacking toolkits improve and proliferate. Bad practices are going to show through, bigtime with this next cold war the US is entering.
Wow, multi-year is truly embarrassing. Hosts being compromised is the worst case scenario because the attacker can decide who to serve the malware to in a spearphishing fashion.
It happens to more companies than you'd imagine, even big ones. Security monitoring and logging is hard to get right, especially if you try to add it to a previously insecure system.
A smart attacker can hack your company unnoticed and passively watch your company for the right moment to strike. I doubt that the hackers logged into the office VPN every day.
I hate blaming the victim, but so much bad press had come out against GoDaddy, it's like complaining that the bear hurt you when you went into its den and disturbed it.
I am not surprised at all. Maybe 7 years ago I got called in to clean up a website "hack" where the site had a bunch of malicious JS on it. Site was hosted on GoDaddy.
Pulled the site down locally and started the regular process of find/remove, but nothing was showing up. Hosting the site locally, the JS wasn't being put on the page. Checked all the server files for stuff like php.ini, user.ini, etc etc. Nothing was showing up.
Created a plain info.php file on the account. That had the JS injected into it.
Started searching for other sites with the same JS, found a bunch, dozens. Started a search for "neighbor" sites to the one I was investigating, ones that most likely were on the same server. They ALL had the JS injected. Server was owned.
I alerted the client and sent a note into GoDaddy, like you need to check this out. Got a response that it was impossible for the server to be compromised and I should buy their Sitelock service for security. Instead we requested a migration to another server and that cleared up the issue.
For DNS, I have been using Gandi (1) for the last ten years or so and have been very happy with them. I originally went with them because they were one of the few registrars that did the .cat TLD. I liked the experience and eventually transferred all of my domains to them.
They are a French company. Their slogan is "No Bullshit," (2) and I think they've done a decent job of living up to that.
My only frustration has been a situation where I was transferring an existing domain over to them. I wanted to create the zone file ahead of time so that when the transfer happened, there would be an identical zone file ready to go. But they wouldn't allow me to create a zone file for a domain that hadn't transferred over to them yet. Since I'm not doing anything critical with my domains, it was just an annoyance, but that would be a show-stopper for some.
As it pertains to billing problems, they allow you to pre-pay a chunk of money to your account. (They take PayPal.) It deducts from that amount when domains renew. That provides a buffer if you need to cancel your credit card.
Also, on the occasions that I have created trouble tickets, they have been responded to in a reasonable amount of time with helpful information.
For web hosting, I used Bluehost for many years and became extremely dissatisfied with them. I switched to Siteground.com about five years ago and have very little to complain about.
There are many others I can vouch for. There's a good list of them here[0]. Make sure to choose ones that have proper 2FA as it's a good heuristic for how well they consider security.
I must be making a huge mistake somewhere, but my registrar is AWS. It's no nonsense.
I'm sure recommending AWS for hosting is not what you're looking for, but I've been running a static website on S3 fronted by their CDN and it's been nothing but painless.
Godaddy. One of the most horrible companies. Always was. Bob Parsons is a sad individual with many lovely quotes attesting to that fact. Hope this ends them.
Are you saying that other hosting companies in the same level of complexity are just better, or possibly alluding that other companies might not be upfront about things occurring within their orgs? Either way, it really sounds a lot like you're minimizing the negligence and just poorly run company.
[+] [-] sn_master|3 years ago|reply
[+] [-] codetrotter|3 years ago|reply
[+] [-] 2pEXgD0fZ5cF|3 years ago|reply
[+] [-] krimpenrik|3 years ago|reply
[+] [-] tehlike|3 years ago|reply
[+] [-] bilekas|3 years ago|reply
[+] [-] reaperducer|3 years ago|reply
As someone who has waited on hold with GoDaddy support for over six hours on multiple occasions, this does not surprise me.
[+] [-] avsteele|3 years ago|reply
[+] [-] justinclift|3 years ago|reply
[+] [-] quags|3 years ago|reply
[+] [-] iLoveOncall|3 years ago|reply
[+] [-] dylan604|3 years ago|reply
[+] [-] groestl|3 years ago|reply
[+] [-] mixmastamyk|3 years ago|reply
[+] [-] chanandler_bong|3 years ago|reply
https://www.dailymotion.com/video/x9v5p4
[+] [-] bombcar|3 years ago|reply
[+] [-] mmcgaha|3 years ago|reply
[+] [-] greatgib|3 years ago|reply
[+] [-] sophacles|3 years ago|reply
[+] [-] skilled|3 years ago|reply
[+] [-] localghost3000|3 years ago|reply
[+] [-] quags|3 years ago|reply
[+] [-] Tostino|3 years ago|reply
[+] [-] vxNsr|3 years ago|reply
[+] [-] jeroenhd|3 years ago|reply
[+] [-] jasonlotito|3 years ago|reply
Friends don't let friends use GoDaddy.
[+] [-] rograndom|3 years ago|reply
[+] [-] miked85|3 years ago|reply
[+] [-] webdood90|3 years ago|reply
there are a ton of hard working people at GD that care a lot about the products we make. I don't think that's a fair assessment.
[+] [-] youniverse|3 years ago|reply
I've tried A2 and NameHero and both were very solid along with fast/great support.
Anything else I should look into?
[+] [-] chriscjcj|3 years ago|reply
(1) https://www.gandi.net (2) https://www.gandi.net/en/no-bullshit
[+] [-] disadvantage|3 years ago|reply
https://www.ovhcloud.com/en/
https://asmallorange.com/
[0] https://2fa.directory/int/#hosting
[+] [-] philistine|3 years ago|reply
[+] [-] kennydude|3 years ago|reply
(i have a discount/referral code if you want it - contact form on website)
[+] [-] jonathantf2|3 years ago|reply
[+] [-] muttantt|3 years ago|reply
[+] [-] rdiddly|3 years ago|reply
[+] [-] anonzzzies|3 years ago|reply
[+] [-] djcannabiz|3 years ago|reply
[+] [-] goodfight|3 years ago|reply
[+] [-] legrande|3 years ago|reply
[+] [-] dylan604|3 years ago|reply