Hundreds of GoDaddy-Hosted Sites Backdoored In a Single Day (bleepingcomputer.com)
Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy's Managed WordPress service, all featuring an identical backdoor payload. The case affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress. BleepingComputer reports: The discovery comes from Wordfence, whose team first observed the malicious activity on March 11, 2022, with 298 websites infected by the backdoor within 24 hours, 281 of which were hosted on GoDaddy. The backdoor infecting all sites is a 2015 Google search SEO-poisoning tool implanted on the wp-config.php to fetch spam link templates from the C2 that are used to inject malicious pages into search results. The campaign uses predominately pharmaceutical spam templates, served to visitors of the compromised websites instead of the actual content.
The goal of these templates is likely to entice the victims to make purchases of fake products, losing money and payment details to the threat actors. Additionally, the actors can harm a website's reputation by altering its content and making the breach evident, but this doesn't seem to be the actors' aim at this time. The intrusion vector hasn't been determined, so while this looks suspiciously close to a supply chain attack, it hasn't been confirmed. [...] In any case, if your website is hosted on GoDaddy's Managed WordPress platform, make sure to scan your wp-config.php file to locate potential backdoor injections. Wordfence also reminds admins that while removing the backdoor should be the first step, removing spam search engine results should also be a priority.
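One way to run the wp-config.php scan recommended above, as an added example that is not code from Wordfence, BleepingComputer or GoDaddy. The patterns are generic heuristics chosen for this example (assumptions, not the campaign's published signature), and both sample files are constructed.

```python
import re
import sys

# Assumed heuristics: constructs a stock wp-config.php has no reason to contain.
SUSPICIOUS = {
    "dynamic code execution": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
    "decode/unpack chain": re.compile(
        r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "outbound fetch": re.compile(
        r"\b(curl_exec|fsockopen)\s*\(|\bfile_get_contents\s*\(\s*['\"]https?://", re.I),
    "visitor fingerprinting": re.compile(
        r"\$_SERVER\s*\[\s*['\"]HTTP_(USER_AGENT|REFERER)", re.I),
    "long encoded blob": re.compile(r"[A-Za-z0-9+/=]{200,}"),
}

# Constructed sample: a minimal, clean wp-config.php.
CLEAN_SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
define( 'AUTH_KEY', 'constructed-placeholder-key' );
$table_prefix = 'wp_';
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', __DIR__ . '/' );
}
require_once ABSPATH . 'wp-settings.php';
"""

# Constructed sample: the same file with an inert injected line (line 4).
INFECTED_SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';
if ( isset( $_SERVER['HTTP_USER_AGENT'] ) ) { eval( base64_decode( 'CONSTRUCTED_PLACEHOLDER' ) ); }
require_once ABSPATH . 'wp-settings.php';
"""

def scan_wp_config(text):
    """Return (line_number, reason, snippet) for every heuristic hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for reason, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                findings.append((lineno, reason, line.strip()[:80]))
    return findings

if __name__ == "__main__":
    # Scan the file given on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = INFECTED_SAMPLE
    for lineno, reason, snippet in scan_wp_config(source):
        print(f"line {lineno}: {reason}: {snippet}")
```

A hit is a prompt for manual review, not proof of compromise; comparing the file against a known-good backup remains the stronger check.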
Now it goes... (Score:3)
Now it goes...from GoDaddy to "Whoa daddy!" with this development.
JoshK.
Know what you're doing! (Score:2)
WordPress can be secure if you know what you're doing. Trust the professionals.
Oh, wait!
Re: Know what you're doing! (Score:2)
Re: (Score:2)
WordPress is teh shite
The fact that it's about a phenomenon on one "managed" host means that we are talking about some vulnerability in what they are doing, not in "WordPress" as a whole.
Re: (Score:2)
WordPress can be secure if you know what you're doing. Trust the professionals.
Oh, wait!
Sorry, had meant this reply for you.
The fact that this story is about a phenomenon on one "managed" host means that we are talking about some vulnerability in what they are doing, not in "WordPress" as a whole.
Not a bug (Score:3)
This wasn't a bug, it was a feature. GoDaddy sucks!
Go Daddy got Backdoored. (Score:2)
Now on pornhub!
Re: (Score:1)
Came here for this comment. Err, I mean I opened the thread hoping this would pop up. What I mean is, I hope they don’t have a hard time fixing the problem in the end.
Never mind.
Re: (Score:2)
while wearing a t-shirt that says "backdoor guests are best"
All the more reason to leave (Score:2)
They've mismanaged my domains in the past, and just this month stopped my email forwarding on my domain because of a "past due balance" of $0.00. Forwarding was restored when I paid them exactly $0.00. Of course I have to go through the checkout process first, and didn't even need to submit a card for payment. BTW, they didn't send an email to tell me about this, I just noticed I did not get an email I was expecting, and did a test send.
Great customer service, NOT!
(Apologies to Wayne Campbell. Party on!)
123Reg, HostEurope, Domain Factory, ... (Score:2)
Fuck WordPress and other CMS (Score:2)
Years later, I was just perusing through the code, and I see garbage in essentially every script.
But the website was working perfectly well
Upon digging, I found out the host was compromised, and every script in every single account was infected with some malware that would only "work" with WordPress.
Every malicious account got deleted. Mine
Re: (Score:2)
Well ... if everyone started using YOUR custom coded solutions instead, the same thing would have happened eventually with your code. :)
I mean, seriously though -- it should always give you more secure and efficient code when you write a purpose-built solution for a web site, vs using one of these frameworks like WordPress and customizing it to meet your needs.
The problem is, that severely restricts people's ability to spin up a site they need without having the developer talent (or money to pay them to bui
Noticed headline... (Score:2)
"Go Daddy" and "Backdoor"
Contents not what expected.
Honestly, that's a relief.
Yeet GoDaddy (Score:2)
Apparently I'm pulling my company out of GoDaddy just in time.
After years of having to call up GoDaddy support once every 4 to 6 months because our website would suddenly "disappear" from the web, they abandoned the courtesy email accounts that were bundled with their hosting plans and forced their customers onto Microsoft 365 for email and calendaring. That adversely affected our business for several days and would eventually cost us a lot of money for something that, when we first opened our account, was
Ruined my personal business site in 2020 (Score:1)
Worse still, the hack was
Opportunity left on table (Score:2)
Aside from injecting some PHP code, why not make db changes as well? Surely a bit harder for most people to detect and especially clean up.
Good time to leave GoDaddy for sure though - if they aren't keeping up with WordPress patching, they probably aren't doing too great with OS patching either.