Latest news of the domain name industry

Recent Posts

Go Daddy plays down “massive” attack claim

Kevin Murphy, April 26, 2010, 20:50:48 (UTC), Domain Registrars

Malicious hackers have compromised a number of WordPress installations running on Go Daddy hosting, but the company claims very few customers were affected.

Slashdot carried a story a few hours ago, linking to a blog claiming a “massive” breach of security at the domain name registrar.

(EDIT: as noted in the comments, this blog may itself have been hacked, so I’ve removed the link. You can find it in the comments if you want to take the risk.)

But Go Daddy says the problem is not as widespread as it sounds.

“We received reports from a handful of Go Daddy customers using WordPress their websites were impacted by the script in question,” Go Daddy security chief Todd Redfoot said in a statement.

“We immediately opened an investigation into what happened, how it was done and how many sites were affected,” he said. “The investigation is currently ongoing.”

The attack is certainly not ubiquitous. I host a number of WordPress sites with Go Daddy, including this one, and they all appear to be working fine today.

And a Twitter search reveals no references to an attack today prior to the Slashdot post, apart from the blog it was based on.

That doesn’t prove anything, but when Network Solutions’ WordPress hosting was breached last week there was a lot more tweet noise. That attack had thousands of victims.

For those interested in the details of the attack, this WordPress security blog appears to be the best place to get the nitty-gritty.

Tagged: , , ,

Comments (3)

  1. jsi says:

    FYI, the site you link to at this location http://blogcastfm.com/announcements/warning-massive-number-of-godaddy-wordpress-blogs-hacked-this-weekend/

    Has been hacked. I just clicked on it and was redirected to the site that is doing the hacking. Basically, the malware infects your site with a 20 day cookie so if you hit it once and catch it, it will sit dormant for 20 days and then do it again. You might want to remove the link as you are directing people to an infected site…

  2. Kevin Murphy says:

    Thanks for letting me know. I’ll make a note of that in the post.

Add Your Comment