Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's simply not true. And even if you ignore strictly technical problems they've had in the past (and the technical issues I had helping a non-profit with a hacked GoDaddy instance on a shared box that they disclaimed responsibility for), their moral/political problems are technical problems as well. As far as I'm concerned, failing to follow a DMCA properly and instead simply re-routing DNS requests in the meantime is a technical issue just as much as political one.


I'm curious, how did you narrow it down to GoDaddy as being the culprit? Let me guess, you used a popular CMS?


It was a hosted WordPress blog. That by default makes it their fault. If WP weren't up to date, it's their fault. If the host for the shared instance were hacked and files were added to all of the shared installations (which is what happened), it's their fault.

The problem was, the malware was only visible when the referrer was "Google", so they claimed there was nothing wrong. For weeks.


I'm not sure I follow your logic. GoDaddy may make it easy for you to install WordPress but it's still up to the owner to go in and update WordPress and Plugins. I'm not saying it wasn't GoDaddy but claiming it was definitively seems a little silly...


I don't know as I didn't set it up, but I've used shared cpanels in the past and they give you one-click WordPress installs and advertised as a "one-click full solution".

Either way, when it came down to it, one of their other shared clients were compromised and their sandboxing was rather insufficient leading to most of the clients on that box having some sort of malware installed. I'm sure the person in question was targeted because it looked like a standard install and frankly, if I was targeting shared hosting providers, I'd create my malware to be easy to integrate with WordPress.

I hope that makes it more clear why I find it to be GoDaddy's fault. In the end of the day, they understood what was wrong, apologized and fixed it.


Well here's how it works. GoDaddy and all other host's "one-click" is installation only. It doesn't auto-update your WordPress install so yours likely contained an old security exploit and was easily hacked. This is by design, it would be bad to install a WP theme and then have your website broken because it auto-updated WP.

Even so, you never answered my original question. How'd you determine it was a sandboxing problem rather than your own WordPress installation being compromised? Seems even less so considering you didn't realize you had to update WordPress yourself.


Yes, I did answer.

They. Told. Me. It. Was. Their. Fault.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: