
112 comments

I like their commercials (5, Funny)

BadAnalogyGuy (945258) | more than 4 years ago | (#31985210)

Their hosting services are pretty spotty, from what I've heard. On the other hand, they have commercials that really appeal to me.

The redirect leads you to the following URL: http://www2.burnvirusnow34.xorg.pl/ [burnvirusnow34.xorg.pl]

Goddamned Perl strikes again.

Re:I like their commercials (2, Insightful)

Locke2005 (849178) | more than 4 years ago | (#31985326)

Unless you've got a Danica Patrick fetish, there is a lot better porn than GoDaddy commercials available for free on the 'net. But then, I think anybody that selects GoDaddy for hosting without googling for the many complaints about their service probably deserves anything they get.

Re:I like their commercials (0, Offtopic)

BadAnalogyGuy (945258) | more than 4 years ago | (#31985338)

I don't have the internet, you insensitive clod.

Re:I like their commercials (1)

Yvan256 (722131) | more than 4 years ago | (#31985984)

How is that supposed to be a bad analogy, guy?

Re:I like their commercials (0)

Anonymous Coward | more than 4 years ago | (#31992872)

it's like he had internet

Re:I like their commercials (5, Insightful)

elysiana (1152995) | more than 4 years ago | (#31986286)

You know, a while back a friend of mine told me he had bought hosting at GoDaddy and was wondering if I'd help set up a site for him. I told him I wouldn't touch it until he got a better host, and he was shocked. His reaction was roughly, "What do you mean they're not reputable? They had Super Bowl commercials and everything!" Apparently people think that if a company spends millions on advertising, they must be upstanding.

I worry.

Re:I like their commercials (1)

hierophanta (1345511) | more than 4 years ago | (#31986648)

welcome your capitalistic lords. these are the tools of their trade

Re:I like their commercials (1)

conspirator57 (1123519) | more than 4 years ago | (#31987208)

social darwinism is not limited to capitalist economies. i herd u liek bread lines. troll.

Re:I like their commercials (4, Funny)

Locke2005 (849178) | more than 4 years ago | (#31987044)

Apparently people think that if a company spends millions on advertising, they must be upstanding.

Explain to them that Enzyte and ExtenZe also spend millions on advertising... upstanding indeed!

Re:I like their commercials (0)

Anonymous Coward | more than 4 years ago | (#31987532)

What are your top 3 hosting sites for comparable prices? ($10-15 per month). I'm not a web developer, but have set up a few simple sites for friends in the past. My searches for web hosting always seem to turn up things targeted to professionals (read: expensive) or shady looking sites.

Re:I like their commercials (1)

rjstanford (69735) | more than 4 years ago | (#31987954)

It's hard to go wrong with Dreamhost. Not perfect, of course, but very good value for very little money, and they've been around forever.

Re:I like their commercials (1)

Narcocide (102829) | more than 4 years ago | (#31989894)

Try out pair.com [pair.com] for basic stuff. If you're trying to do anything resembling real work, however (such as hosting commercial websites) you're going to want the physical hardware all to yourself and $10-15 simply isn't a reasonable price anymore. At that range ($75 and up) I'd recommend serverbeach.com [serverbeach.com] but only if you know what you're doing.

Re:I like their commercials (1)

Kvasio (127200) | more than 4 years ago | (#31992922)

in Europe a very competitive hosting is provided by OVH [ovh.co.uk] .
Depending on the language version you may get quotes in GBP or EUR, but despite that you should be able to purchase it from USA.

The question is if GoDaddy is trustworthy. (1)

Futurepower(R) (558542) | more than 4 years ago | (#31987868)

Re:The question is if GoDaddy is trustworthy. (0)

Anonymous Coward | more than 4 years ago | (#31989450)

While your points about GoDaddy being trustworthy have merit, your assumption that being in favor of closing Gitmo means someone is pro-violence is intellectually dishonest and wrong, as there are many valid reasons for wanting it to stay open, such as not wanting the detainees out free to attack again. Even though it's likely some of them are innocent, it's basically certain that some or most of them are guilty, and someone's being in favor of keeping there is more anti-violence than anything else. Stop letting your emotions lead you to believe things that aren't true.

Re:I like their commercials (1)

Bryansix (761547) | more than 4 years ago | (#31988188)

I worry more. Apparently people think companies are NOT upstanding when they have no evidence whatsoever to support that. I for one have used GoDaddy for domains and hosting for three years and had no problems and found their customer service to be excellent in the one time I had to call them to upgrade MySQL versions.

Re:I like their commercials (2, Informative)

WrongSizeGlass (838941) | more than 4 years ago | (#31985332)

The redirect leads you to the following URL: http://www2.burnvirusnow34.xorg.pl/ [burnvirusnow34.xorg.pl]

I was redirected to a few 'malwarename'.xorg.pl sites on Saturday when clicking links pointing to wbir.com from CNN. I notified WBIR with several e-mails but they hadn't addressed it as of 11pm last night. CNN pulled the link after 16 hours so I don't know if they just moved on to other stories or acted on the warnings I sent.

I wonder if infected sites should be held accountable for PC's that get infected. Luckily I wasn't running Windows so the Setup_422.exe that downloaded was harmless.

Re:I like their commercials (3, Interesting)

ircmaxell (1117387) | more than 4 years ago | (#31985474)

I wonder if infected sites should be held accountable for PC's that get infected.

I wonder if Godaddy should be held accountable for PC's that get infected. After all, it was on their servers, and they have the power to either pull the plug on the affected server(s) or to roll back backups (assuming they take backups). Considering this is a mass attack, does it imply that a weakness in their servers allowed the attack (As in one site was compromised, and the attacker gained access to the entire server through that one site)? If so, Godaddy is absolutely responsible. In fact, I would think they'd be liable to both the end users (people who got infected) and their customers for not adequately protecting them and affecting their reputation (Just take down the server already)...

Re:I like their commercials (2, Interesting)

WrongSizeGlass (838941) | more than 4 years ago | (#31985622)

It looks like the 'WP Admins' (if that's what we're calling them) used weak passwords for their hosting account, FTP and/or DB, used 'Admin' username and possibly even used the same password for all of them. Rocket surgery, indeed!

Re:I like their commercials (1)

Bearhouse (1034238) | more than 4 years ago | (#31986082)

Looks like they did not take their own advice, then.

http://help.godaddy.com/article/2653 [godaddy.com]

It's amazing how often 'Admin' etc. works...the other day I was invited by a CIO to take a look at their security (which he thought was great; they'd actually done a pretty good job).
Since they were in the middle of rolling out their new 'secure' portal, I tried 'demo' and 'demo'...worked fine, and with full access rights too...Oops

Re:I like their commercials (4, Insightful)

Lumpy (12016) | more than 4 years ago | (#31986506)

No it's a weakness of Wordpress, AND weak passwords.. Honestly, why is everyone all up in arms when a bunch of N00b's that don't know anything about site administration and security click on the one click install of wordpress and think it's an appliance because they are too damn cheap to buy wordpress hosting that has a team behind it making sure the stuff is updated and secure?

This is as much go-daddy's fault as a drunk driver's crash is Ford's fault.

If you want a blog and not be a site admin then get it from http://wordpress.org/hosting/ [wordpress.org] and not worry about it. Otherwise don't come whining because you went for the lowest dollar hosting and are surprised that the cheap guy is not going to update your software for you.

Re:I like their commercials (0)

Anonymous Coward | more than 4 years ago | (#31986820)

No it's a weakness of Wordpress, AND weak passwords.. Honestly, why is everyone all up in arms when a bunch of N00b's that don't know anything about site administration and security click on the one click install of wordpress and think it's an appliance because they are too damn cheap to buy wordpress hosting that has a team behind it making sure the stuff is updated and secure?

This is as much go-daddy's fault as a drunk driver's crash is Ford's fault.

If you want a blog and not be a site admin then get it from http://wordpress.org/hosting/ [wordpress.org] and not worry about it. Otherwise don't come whining because you went for the lowest dollar hosting and are surprised that the cheap guy is not going to update your software for you.

that's funny you post that link. maybe you should visit it yourself as it has a link to godaddy as approved wordpress hosting.

Re:I like their commercials (1)

MobyDisk (75490) | more than 4 years ago | (#31986848)

You are assigning the responsibility to the wrong person.

No it's a weakness of Wordpress, AND weak passwords

Do we know that this was because of a weakness in wordpress, or a weak password?

If N00b's that don't know anything about site administration and security click on the one click install of wordpress and think it's an appliance.

If someone makes a one-click install, and it has security holes in it, then it is not the fault of the user for using the one-click install. It is the fault of the creator of that install.

This is as much go-daddy's fault as a drunk driver's crash is Ford's fault.

It probably would be Ford's fault if they had a one-click button that dispensed alcohol to the driver while the vehicle was moving. Why should an end-user have to be a security expert in order to have a blog?

Re:I like their commercials (0)

Anonymous Coward | more than 4 years ago | (#31986884)

Where is it stated that a WordPress vulnerability facilitated the attacks?

Re:I like their commercials (0)

Anonymous Coward | more than 4 years ago | (#31986946)

you do realize that your link gives godaddy as a recommended host, right? all those are one-click installs.

if you want to not worry, go to http://www.wordpress.com
you lose out on a lot of customizing, but don't have to worry about updates.

Re:I like their commercials (0)

Anonymous Coward | more than 4 years ago | (#31987338)

GoDaddy is listed on that linked site as one of the "don't worry about it" hosting providers...

Re:I like their commercials (0, Troll)

Khyber (864651) | more than 4 years ago | (#31988898)

"No it's a weakness of Wordpress, AND weak passwords.. "

Proof and full code documentation required for your claim, please. Exact sections with comments.

That's what I thought.

Re:I like their commercials (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31985460)

I bet they're really glad they switched to Windows server a few years ago after Microsoft paid them to do so.

Linux servers only? (0)

Anonymous Coward | more than 4 years ago | (#31986616)

Actually, this source [wpsecuritylock.com] says that it is only the LINUX servers that have been compromised so far.

Re:Linux servers only? (0)

Anonymous Coward | more than 4 years ago | (#31986726)

Actually, this source [wpsecuritylock.com] says that it is only the LINUX servers that have been compromised so far.

so not only does root have a password, the password is toor

were just thinking of the chilren (0)

Anonymous Coward | more than 4 years ago | (#31985604)

....

Re:I like their commercials (0)

Anonymous Coward | more than 4 years ago | (#31986582)

umm... that's .pl as in Poland, not perl. I couldn't tell if that was sarcasm though.

What? (0)

Anonymous Coward | more than 4 years ago | (#31985212)

I find all of my own sites via Google you insensitive clod!

In Brazil (0)

Monkeedude1212 (1560403) | more than 4 years ago | (#31985214)

Google is also responsible for the hacking because they made themselves available to be referred.

Inconceivable! (4, Funny)

eldavojohn (898314) | more than 4 years ago | (#31985224)

But but when I registered for a hosting service on GoDaddy, their commercial led me to believe that even stripping sexy models use GoDaddy so how could something like this happen to such a reputable and honest company?!

Re:Inconceivable! (2, Funny)

Thanshin (1188877) | more than 4 years ago | (#31985300)

their commercial led me to believe that even stripping sexy models use GoDaddy

I don't really follow your line of reasoning. You want to use the same things stripping sexy models do?

So before GoDaddy you went for coke and rich old guys?

Re:Inconceivable! (1)

Daniel_Staal (609844) | more than 4 years ago | (#31986504)

I'd figure they probably have to have pretty good web servers, just to handle the amount of traffic...

Re:Inconceivable! (2, Funny)

jemtallon (1125407) | more than 4 years ago | (#31985302)

You keep using that word. I do not think it means what you think it means.

Re:Inconceivable! (3, Insightful)

elrous0 (869638) | more than 4 years ago | (#31985388)

It's hard to believe, but I used to refer clients to them back in the day. But those commercials put a stop to that. I'm not sure what they were trying to accomplish by running commercials more appropriate to Hooter's or a strip club chain. But if their goal was to drive away their serious customers, I'd say they picked the right strategy.

Re:Inconceivable! (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31985464)

But if their goal was to drive away their serious customers, I'd say they picked the right strategy.

The Internet is serious business!

Re:Inconceivable! (4, Insightful)

Hatta (162192) | more than 4 years ago | (#31985694)

That probably was their strategy. McDonalds doesn't get a lot of business from serious diners, but they're not doing too badly. There's a lot of money to be made catering to the general public who's too ignorant to know good service from bad.

Re:Inconceivable! (0, Flamebait)

vlm (69642) | more than 4 years ago | (#31985828)

There's a lot of money to be made catering to the general public who's too ignorant to know good service from bad.

Their service is great, it just works 100%. Renewed my domain for ten years back in '05, expires in 2015. Never a problem. The service they provide to me, is pointing my domain name to my dns servers, that's all. I have no idea how much or little their other services may or may not suck, but it's kind of pointless, like comparing the quality of the bottled apple juice at walmart to the quality of the hunting rifle ammo at walmart...

Now their marketing website currently looks like a very bad parody of an early tween-ager myspace page. And I've heard bad things about their customer service, but I'll only interact with them via website once per decade, so that puts them lightyears ahead of most major companies.

McDonalds would never survive if the average customer only visited once a decade, I'm missing the point of the endless stripper ads on TV.

Re:Inconceivable! (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31986016)

The point is that not everyone has the same needs as you do. Most people talk to their hosting companies more than once per decade. For anyone who is with GoDaddy and has to talk to them often, it's rather painful.

Re:Inconceivable! (2, Funny)

lwsimon (724555) | more than 4 years ago | (#31986250)

Did you renew for 10 years by chance because it took so long for their admin panel to load, you didn't want to have to do it again any time soon?

Re:Inconceivable! (0, Offtopic)

EMG at MU (1194965) | more than 4 years ago | (#31986052)

What's with the dig at McDonald's customers?
Wanting a burger and fries in less than 5 min for less than 5$ != ignorant.
Wanting a website for less than 9$/month != ignorant.
Characterizing people that go to McDonald's as ignorant == ignorant.
Everyone knows fast food isn't fine dining, and that godaddy isn't business-grade web hosting. That doesn't mean there is no reason besides ignorance for using McDonalds and godaddy.

BTW, I have seen some very serious eaters at McDonalds.

Re:Inconceivable! (1)

Hatta (162192) | more than 4 years ago | (#31986402)

You'd have to be ignorant to consider what McDs sells a burger. Even if you don't care about quality, the value (quality per price) at McDs is much worse than average. Go spend $6 at Hardees instead of $5 and you get a burger that's worth a lot more than 120% of that greaseball McDs sells. If all you care about is price, go to Taco Bell and spend $3 and get just as many calories. On all 3 counts, quality, price, and quality:price ratio, McDonald's fails.

Re:Inconceivable! (1)

u38cg (607297) | more than 4 years ago | (#31990182)

MacDonald's provide an unbelievably good service. They serve something like half a billion Big Macs a year and vanishingly few of them contain cockroaches or dead rats or severed employee fingers. I'd like to see you do better ;)

Re:Inconceivable! (0)

Anonymous Coward | more than 4 years ago | (#31985784)

It's hard to believe, but I used to refer clients to them back in the day. But those commercials put a stop to that. I'm not sure what they were trying to accomplish by running commercials more appropriate to Hooter's or a strip club chain. But if their goal was to drive away their serious customers, I'd say they picked the right strategy.

It's a reflection of the owner, that dude [bobparsons.me] scores mad booty

Re:Inconceivable! (1)

elrous0 (869638) | more than 4 years ago | (#31987118)

As long as his shareholders are okay with him treating the company as a means of indulging his "Girls Gone Wild" fantasies, instead of treating it as a serious business, I suppose that's their prerogative. Personally, I would be embarrassed by the whole thing.

Re:Inconceivable! (1)

hierophanta (1345511) | more than 4 years ago | (#31986792)

I believe their goal was to make their name well known (a.k.a. brand recognition). they did this by any means necessary and it worked. ask anyone (who does not work in the field) to name a website hosting / registration company and it is likely to be GoDaddy.
Ask for a second one and I would be very surprised if you can get a response.
Brand positioning on the other hand; well it leaves much to be desired (all sorts of puns intended)

http://en.wikipedia.org/wiki/Positioning_(marketing) [wikipedia.org]
http://en.wikipedia.org/wiki/Brand_recognition [wikipedia.org]

Re:Inconceivable! (1)

FuckingNickName (1362625) | more than 4 years ago | (#31987148)

Was it because they were advertising in a direct, in-your-face, honest way that you were bothered? Would you have preferred dulcet tones to make it sound like the company cares for you? Or a pretentious douche mocking a fat guy on a white background? Or do you just feel religious guilt when you see a scantily clad woman?

I mean, a serious customer cares for service that's good enough at a price that's affordable, no? Why would he care what adults voluntarily do in a marketing production?

Re:Inconceivable! (1)

tsm_sf (545316) | more than 4 years ago | (#31988272)

It's hard to believe, but I used to refer clients to them back in the day. But those commercials put a stop to that.

It was their decapitation of seclists that did it for me. The only things that differentiate DNRs and hosts from each other are reliability and customer service, and Godaddy proved to be awful at both. They are simply off the table for a lot of admins, it seems.

I'd really like to see some kind of registrar co-op, where the person registering the name is able to take complete liability for and ownership of their domain. Does such a thing exist?

Re:Inconceivable! (3, Funny)

thijsh (910751) | more than 4 years ago | (#31985432)

What makes you believe the stripping sexy models weren't already infected to begin with? ...

Re:Inconceivable! (3, Funny)

igaborf (69869) | more than 4 years ago | (#31985522)

Wait, those commercials were selling something? I never noticed.

No, Dad! No! (0)

Anonymous Coward | more than 4 years ago | (#31985264)

http://plif.courageunfettered.com/archive/wc134.gif

Don't put any details in the post or anything... (1)

gimmebeer (1648629) | more than 4 years ago | (#31985312)

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/1.3.33 Server at blogcastfm.com Port 80

Re:Don't put any details in the post or anything.. (0)

Anonymous Coward | more than 4 years ago | (#31985488)

It's now 403'd.

Re:Don't put any details in the post or anything.. (0)

Anonymous Coward | more than 4 years ago | (#31985668)

They put in a new exploit that only executes when the traffic is referred by Slashdot.

Re:Don't put any details in the post or anything.. (2, Informative)

TheDarAve (513675) | more than 4 years ago | (#31985932)

Posting a story on Slashdot is almost as bad as having a botnet DoS a site anyway. No exploit needed, just exploits of the common geek.

Wow (0, Offtopic)

koan (80826) | more than 4 years ago | (#31985370)

China is still punishing Google huh?

Re:Wow (2, Interesting)

phantomcircuit (938963) | more than 4 years ago | (#31986460)

Wordpress the opensource Blogging software, not wordpress.com the hosted blogging provider.

This attack did not target Google at all. Whoever modded you interesting failed.

Re:Wow (0)

Anonymous Coward | more than 4 years ago | (#31986782)

Don't be bitter...

Re:Wow (1)

Anonymous Bullard (62082) | more than 4 years ago | (#31990726)

China is still punishing Google huh?

If by China you're referring to the ruling Communist Party dictatorship, then sure they are [google.com] .

Incidentally "GoDaddy also withdrew from China" [washingtonpost.com] around the same time, mainly due to the new (now more and better) draconian registration rules for individuals wishing to operate their own domains.

My hat's off for both of them for not collaborating with that regime's repressive policies.

403 error (0)

Anonymous Coward | more than 4 years ago | (#31985400)

better than my 403 "You don't have permission to access" error.

Possible mirror; (1)

Mouldy (1322581) | more than 4 years ago | (#31985434)

Click [themelab.com]

I couldn't get on the article linked in the summary, but I found this in google which is probably the same thing. It's nearly 2 months old, but that's not reason enough for it not to be on ./

Revenge of the Nerds V: Shameless (1)

MoldySpore (1280634) | more than 4 years ago | (#31985452)

Well, I suppose it was only a matter of time before those nerds [youtube.com] got their revenge.

This weekend, or two weeks ago? (4, Informative)

devjoe (88696) | more than 4 years ago | (#31985458)

I found this story [thetechherald.com] mentioning a similar incident regarding WordPress blogs, but it happened two weeks ago, rather than this weekend. The original site is slashdotted, so I can't tell if this is really the same incident or not.

The Scent Of A Lady's Underwear (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31985502)

In my opinion, there is nothing quite like the scent of a lady's underwear.

mmmm... the stink of wet panties.

White with a streak of yellow reek,
A shitty pink,
A most unladylike stink,
From a fragrant, lubricated leak.

Re:This weekend, or two weeks ago? (2, Interesting)

mzs (595629) | more than 4 years ago | (#31985542)

That one was likely different. In that earlier one the interesting bit was the use of a cookie. So you would only be redirected one time (if the cookie was not there).

Re:This weekend, or two weeks ago? (1)

kalirion (728907) | more than 4 years ago | (#31986972)

The permissions issue vulnerability allowing the attackers to hack the sites could very well be the same, even if what they do after gaining access to the accounts is different.

Re:This weekend, or two weeks ago? (1)

Intron (870560) | more than 4 years ago | (#31986172)

There is also this article from March 2 [mediatemple.net] about a Wordpress vulnerability.

Slashdotted to death. (4, Funny)

gimmebeer (1648629) | more than 4 years ago | (#31985554)

Who needs viruses and chinese hackers to take down blog sites when you can just use slashdot?

Re:Slashdotted to death. (1)

Yvan256 (722131) | more than 4 years ago | (#31986026)

Are you saying that the Chinese own Slashdot or that we're all viruses?

Wait, don't answer that...

Only php4 users affected (2, Informative)

Anonymous Coward | more than 4 years ago | (#31985576)

Well you're asking for trouble running php4.
It baffles me why people still do it but it also baffles me why people still use Windows. Go figure?
http://www.wpsecuritylock.com/ninoplas-base64-wordpress-hacked-on-godaddy-case-study/

Network Solutions had a similar thing (4, Informative)

Anonymous Coward | more than 4 years ago | (#31985626)

happen about a week ago, though I believe they indicated their FTP accounts had been hacked.

http://blog.networksolutions.com/2010/we-feel-your-pain-and-are-working-hard-to-fix-this/

It was annoying, but I just restored from the prior days backup and went on. I only had one FTP account and a strong password and mine got hit.

Re:Network Solutions had a similar thing (4, Insightful)

Lumpy (12016) | more than 4 years ago | (#31986560)

there is no such thing as a strong password on a FTP account.

If you did not upgrade to SSH and SFTP from your control panel then you should not be managing a hosting site.

Re:Network Solutions had a similar thing (0)

Anonymous Coward | more than 4 years ago | (#31992366)

what is more likely? getting your password sniffed by a major ISP who backhauls your packets
or having a rogue program running on your workstation that scarfs up the password as you type
it into your ftp cli program or monitors your gui version of a ftp client?

i know which is more common. ssh/sftp will not make a lick of a difference
and if you think there is such a thing as a strong password with ssh/sftp you should probably
not be managing a hosting site.

We reported this to them on 3/11 (4, Informative)

isThisNameAvailable (1496341) | more than 4 years ago | (#31985666)

One of our departments decided to do their own thing and host a site on GoDaddy. Not sure if it was Wordpress or not, but the same thing happened to them. We reported it back on 3/11 and moved the site. Way to get in front of this thing GoDaddy! Oh, and it wasn't just Google. Referrers from Bing and Yahoo would redirect to the same link spam page.

Er, (0)

Anonymous Coward | more than 4 years ago | (#31987054)

WTF is 3/11? I'll guess you mean last November, but honestly I'm not sure. Is there a different secret handshake I'm supposed to read into that?

Anyway, how is this GoDaddy's fault? So far it looks like dumb WordPress use -- is a budget host supposed to stay on top of updating the apps that clients place on their servers, and test them for strong passwords?

Re:Er, (0)

Anonymous Coward | more than 4 years ago | (#31988202)

Why wouldn't it be March 11, 2010?

Google? (1)

indre1 (1422435) | more than 4 years ago | (#31985674)

I'm not coming from Google but the given link [blogcastfm.com] gives me 403 (Forbidden)!

umm.. (1)

PPNSteve (1287174) | more than 4 years ago | (#31985680)

Now you know why we all call it "NO DADDY" lame hosting by lamer people.

no mention of google (2, Informative)

mzs (595629) | more than 4 years ago | (#31985718)

This may be referring to the same attack:

http://www.wpsecuritylock.com/cechriecom-com-script-wordpress-hacked-on-godaddy-case-study/ [wpsecuritylock.com]

Re:no mention of google (1)

mzs (595629) | more than 4 years ago | (#31985768)

Using google I was able to get the original post (it's pretty worthless, I think it linked to a podcast):

When arriving from Google, a hacked website will redirect to http://www2.burnvirusnow34.xorg.pl/ [burnvirusnow34.xorg.pl] . The good news is this attack appears to be based only on your actual files not your database. That's relatively easy to clean up. In GoDaddy you should be able to revert to an old version of your files (Go to April 23rd or before and you should be fine)

Re:no mention of google (1)

arth1 (260657) | more than 4 years ago | (#31992052)

Considering that this is linked to from TFA, well, no shit, Sherlock!

Re:no mention of google (1)

mzs (595629) | more than 4 years ago | (#31992212)

When I posted that the site would 403.

Well, well, well (0)

Anonymous Coward | more than 4 years ago | (#31985720)

Clever and devious

Often no difference between these, is there.

Anonymous Coward (0)

Anonymous Coward | more than 4 years ago | (#31985742)

What's ironic is the link is to a wordpress blog hosted on godaddy's shared hosting servers. I guarantee you that the slashdot effect drove the CPU through the roof and one of the linux admins over there turned the site off, therefore 403 forbidden.

Don't you mean the worst part? (4, Funny)

DigitalReverend (901909) | more than 4 years ago | (#31985786)

The best part is that the exploit only executes when the traffic is referred by Google

I suppose if this was a hacking site, it would be considered the best part, but it's actually the worst part because it may go unnoticed. Whose side are you on?

Re:Don't you mean the worst part? (1)

H0p313ss (811249) | more than 4 years ago | (#31986328)

Whose side are you on?

The most exciting side.

Exploit (0)

Anonymous Coward | more than 4 years ago | (#31986102)

Another version I removed from a friend's account last week was pointing to ninoplas.com. Strikingly similar result.
First google link for wordpress ninoplas has a reasonable cleanup process if you have ssh access.

Attacks against hosting providers (1)

Animats (122034) | more than 4 years ago | (#31986130)

We noticed another attack against a hosting provider recently, but it wasn't GoDaddy; it was ThePlanet, or at least someone who uses their IP block. A number of phishing sites suddenly appeared on our list [sitetruth.com] , and we noticed they all mapped to the same server. Multiple domains on the same server were all hosting the same phishing attack.

Annoyingly, the domain registration for the server's main domain ("websitewelcome.com") was "private". That's actually part of HostGator's system; there's no reason it should have "private registration". It just makes it harder to find the responsible party.

cPanel Sites? (1)

lymond01 (314120) | more than 4 years ago | (#31986284)

Have a friend who had the same situation but on a different ISP. I believe both GoDaddy and this other ISP use cPanel for access and content control. And the issue only occurred when referred from Google. I perused his site's code but couldn't find anything that stood out. I'm not even sure how the virus is activated (people would visit his site from a Google redirect and their antivirus would cry foul).

regexp iframe (0)

Anonymous Coward | more than 4 years ago | (#31986482)

regexp iframe

done

Uh, Ok... (1)

greymond (539980) | more than 4 years ago | (#31986898)

After reading the article it said that some of the Wordpress Blogs hosted by GoDaddy were hacked, but that the issue/vulnerability wasn't on GoDaddy's side.

I took a look at the source of my files after logging into the admin area, as well as did a find on the directory of the files for the malicious code from the article and I can't seem to find the script anywhere nor am I experiencing any issues of any kind.

The article didn't mention what type of WP accounts were hacked either...which brings up a question in my mind...

I'm using WordPress 2.9.2. I have MySQL 5.x and PHP 5 on as well. Do we know if this is something that just hit PHP 4 users of WP?

The thing is, I only recently upgraded to PHP 5 because I am playing around with Drupal for another site of mine that will be hosted on the same server and I needed PHP 5, WP still runs on both PHP 4 and 5.

Sadly nothing new with Wordpress (3, Informative)

SnapperHead (178050) | more than 4 years ago | (#31986952)

I have been dealing with a large number of Wordpress installs in the past 2 years and I am here to tell you this is NOTHING new. This is a very common attack that is being used and it's hard as shit to find. Sometimes they embed it in Javascript, sometimes it's in PHP. Sometimes they encode the PHP or Javascript in base64. Sometimes they have it binary encoded inside image files. They go to great lengths to hide the code.

There is also a large number of free themes out there that come with this crap included. You can typically find it by looking at the footer include file. Look for a large base64 string. Most people ignore those because there are a number of developers who find it amusing to put that crap in their footers that if removed it will prevent the theme from working. Sure, I understand they want to prevent people from removing their credit but come on. It's leading to security issues across the board.

The only thing that I have found that helps limit these attacks is to only make the wp-content/uploads directory writable by the webserver. Everything else is owned by the user or root. To take things further, each install is placed inside a unique directory name that is chmod'd to 701 (its parent is also 701). If an attack manages to crack one install, they can't just attack another by going through the file system.

Not trying to trash Wordpress here, it's just too popular and they have had a number of security mistakes in the past. Wordpress installs require a lot of maintenance to keep up to date. Wordpress makes it easy on attackers by listing the version number right in the damn HTML. Sure, they say that it doesn't matter because people can figure it out anyway. But hey, why not just leave your house unlocked at night. Attackers are just going to get in anyway.
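The hunt this comment describes, for large base64 strings and encoded PHP or JavaScript, together with the iframe search and the Google-referrer condition raised elsewhere in the thread, written as a triage scanner. This is an added example, not code from any commenter or from WordPress; the rule patterns, the 200-character threshold, the file suffixes and the sample theme are assumptions constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Patterns and the 200-character threshold are assumptions for this example.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}")
RULES = {
    "decode-and-run": re.compile(r"\beval\s*\(\s*(?:base64_decode|atob)\s*\(", re.I),
    "referrer-check": re.compile(r"HTTP_REFERER|document\.referrer", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
}
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}

def scan_text(text):
    """Return the sorted rule names that match one file's content."""
    hits = {name for name, rx in RULES.items() if rx.search(text)}
    for run in B64_RUN.findall(text):
        hits.add("long-base64")
        try:  # decode the blob so patterns hidden inside it are reported too
            inner = base64.b64decode(run + "=" * (-len(run) % 4)).decode("latin-1")
        except ValueError:
            continue
        hits.update("encoded:" + n for n, rx in RULES.items() if rx.search(inner))
    return sorted(hits)

def scan_tree(root):
    """Map each flagged file under root (relative path) to its rule hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = scan_text(path.read_text(encoding="latin-1"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Scan a constructed theme: one clean file, one with an inert encoded blob."""
    inner = ("/* constructed, inert */ HTTP_REFERER google "
             "<iframe src='http://placeholder.invalid/'> " + "/* padding */ " * 10)
    blob = base64.b64encode(inner.encode()).decode()
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "wp-content", "themes", "sample")
        theme.mkdir(parents=True)
        (theme / "index.php").write_text("<?php get_header(); get_footer();\n")
        (theme / "footer.php").write_text(f"<?php eval(base64_decode('{blob}')); ?>\n")
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

Hits are leads for manual review, not verdicts: legitimate themes also embed iframes and read the referrer.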

Re:Sadly nothing new with Wordpress (1)

sholdowa (242332) | more than 4 years ago | (#31987842)

Your understanding of permissions is a bit off. What's the point of 701? 511/444 for files/dirs will perform just as well, and be logical too! If you want it really safe, then chattr +i, and ensure the partitions are mounted noatime. Obviously it'll be a pain to maintain the site, but the chances of it being hacked will diminish dramatically. Who said security was easy (:

Re:Sadly nothing new with Wordpress (1)

SnapperHead (178050) | more than 4 years ago | (#31989324)

Nope, it works perfectly. 1 is the execute bit, which when applied to a directory allows you to read a file from inside that directory ONLY if you know the absolute path to the file. However, since the parent is 701 you can't find out what that unique directory name is without already knowing it.

Apache can read this because it's looking for index.php inside that vhost's DocumentRoot. Now, you might be asking ... well, just look at the vhost and grab the DocumentRoot from there. You can't, the directory that contains the vhost files is also set to root.root 700. Apache can read this at start up before it switches to a non-privileged user.

Here, try this out:

mkdir -p /web/blog1/abc/
mkdir -p /web/blog2/def/
mkdir -p /web/blog3/ghi/

chmod 701 /web/blog1
chmod 701 /web/blog2
chmod 701 /web/blog3

chmod 701 /web/blog1/abc
chmod 701 /web/blog2/def
chmod 701 /web/blog3/ghi

touch /web/blog1/abc/index.php
touch /web/blog2/def/index.php
touch /web/blog3/ghi/index.php

Now, try an ls of /web/blog1; you will get a Permission denied. You can't find out that unique directory name inside /web/blog1 without already knowing it, which Apache does. However, you can do a ls /web/blog1/abc/index.php

Wordpress doesn't need to look at files inside those directories so it's ok. It also gets its current running (DocumentRoot) from PHP (which is being passed via environment variables) so everything works as normal.

Even lsof won't show what directories are currently open. /proc won't list it either, as those files won't allow you to read about those processes as a non-privileged user.

I am not quite sure what you are trying to accomplish security wise by mounting those with noatime. That's a performance benefit.
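An audit of the layout described in this comment and its parent: the install directory and the directory above it at 701, and nothing outside wp-content/uploads writable by the web server account. This is an added example, not the commenter's code; it judges writability from mode bits only, and the uid and directory tree in the demo are constructed stand-ins.

```python
import os
import stat
import tempfile
from pathlib import Path

def writable_by(st, uid, gids=()):
    """True if the mode bits alone let uid (member of gids) write; ACLs ignored."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_install(install, web_uid, web_gids=()):
    """Return sorted findings for one WordPress install directory."""
    install, findings = Path(install), []
    # Install dir and its parent should be 701: "other" may traverse, not list.
    for d in (install.parent, install):
        mode = stat.S_IMODE(d.stat().st_mode)
        if mode != 0o701:
            findings.append(f"mode {mode:03o} (want 701): {d.name}")
    uploads = install / "wp-content" / "uploads"
    for path in install.rglob("*"):
        if path == uploads or uploads in path.parents or path.is_symlink():
            continue
        if writable_by(path.stat(), web_uid, web_gids):
            findings.append(f"web-writable: {path.relative_to(install).as_posix()}")
    return sorted(findings)

def demo():
    """Audit a constructed install before and after tightening it."""
    web_uid = os.getuid() + 1  # constructed stand-in for the web server's uid
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp, "blog1", "abc")
        (install / "wp-content" / "uploads").mkdir(parents=True)
        layout = {install.parent: 0o755, install: 0o701,
                  install / "wp-content": 0o755, install / "wp-content/uploads": 0o777,
                  install / "index.php": 0o644, install / "wp-config.php": 0o666}
        for path, mode in layout.items():
            if path.suffix == ".php":
                path.touch()
            os.chmod(path, mode)
        before = audit_install(install, web_uid)
        os.chmod(install.parent, 0o701)
        os.chmod(install / "wp-config.php", 0o644)
        return before, audit_install(install, web_uid)

if __name__ == "__main__":
    print(demo())
```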

Has nothing to do with Godaddy (1, Flamebait)

Bryansix (761547) | more than 4 years ago | (#31987710)

The assumption that GoDaddy is horrible and has horrible service is false. People make this assumption because they use sex to sell and they have low prices. People assume these two in combination also mean poor service and complete incompetence. This could not be further from the truth. Ask ANY technically minded person who has given GoDaddy a chance and they will tell you about the value of their inexpensive services and domain names. I have personally used them for 3 years running to host my website http://www.shezphoto.com/ [shezphoto.com] with wordpress. I use their shared hosting economy plan which is like $3 a month if you pay for a year and I have had to call technical support to fix a problem zero times. I did call them one time to figure out how to migrate my WP database to the new version of MySQL and they emailed me explicit directions and they worked perfectly. Yes I installed using the "One click install" but I also have since then kept my WP install up to date and I have strong passwords on my admin accounts and my ftp and databases as well. You will notice I was not hacked.

I also bought my domain name through them. I challenge all of you to find me a more reliable company who charges the same amount as GoDaddy for domain names. Plus GoDaddy isn't evil like Network Solutions is. NS will put a lock on a domain name you view through their website so you cannot then purchase it through another vendor for less. GoDaddy never does this. GoDaddy may try to upsell you but you can easily choose to ignore all of that and then you get a domain name for less than anywhere else that is purchased through a reputable and honest company.

Why people trash GoDaddy all the time without ever having used them is beyond me. It's just childish. It's like saying "Eww Girls" because you find out they don't have penises. It's ok Slashdot... you can get over your fear of the unknown.