Do you have a GoDaddy hosted site?

Has the site been acting strangely recently?

Well, do I have a story for you….

GoDaddy webhosting breach

GoDaddy, the Internet’s largest web host, headquartered in Tempe, Arizona, has recently announced that they have been subject to a complex security breach which appears to have originated over 2 years ago.

Back in December 2022, GoDaddy received a number of customer complaints about websites getting sporadically redirected to malicious sites. Upon investigation, it was found that this was due to an unauthorized third party gaining access to servers hosted in its cPanel environment.

cPanel is a Linux-based control panel used to conveniently manage web hosting. Although accessed via a browser, the system operates like a desktop application and allows you to perform server configuration actions from a user-friendly dashboard instead of running complex command-line syntax.

GoDaddy released a full statement about this issue, which can be read here

Attack goals

In the GoDaddy announcement, a representative said “The ultimate objective of the intrusions is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”

The company also said the December 2022 incident is connected to two other security events it encountered in March 2020 and November 2021.

The 2020 breach entailed the compromise of hosting login credentials of about 28,000 hosting customers and a small number of its personnel.

Then in 2021, GoDaddy said a rogue actor used a compromised password to access a provisioning system in its legacy code base for Managed WordPress (MWP), affecting close to 1.2 million active and inactive MWP customers across multiple GoDaddy brands.

GoDaddy history

Originally called Jomax Technologies, GoDaddy was founded in 1997 in Phoenix, Arizona, by entrepreneur Bob Parsons.

Initially, the image of the company was very of its time – portraying a “laddish” culture of sun, fun, beer, fast cars, and scantily-clad women.

An Early GoDaddy promotional advert
GoDaddy promotional advert from 2021

Aside from dodgy commercials, GoDaddy has had more than its fair share of controversies over the years:

  • January 24, 2007, GoDaddy deactivated the domain of computer security site Seclists.org, taking 250,000 pages of security content offline. The shutdown resulted from a complaint from MySpace to GoDaddy regarding 56,000 user names and passwords posted a week earlier to the full-disclosure mailing list and archived on the Seclists.org site as well as many other websites.
  • January 27, 2015, GoDaddy released a Super Bowl ad on YouTube. Called “Journey Home”, the commercial featured a Retriever puppy named Buddy who was bounced out of the back of a truck. After he makes the journey home, his owners are relieved because they just sold him on a website they built with GoDaddy. The ad found very few fans in the online community. Animal advocates took to social media, calling the ad disgusting and callous and saying that the commercial advocated puppy mills. An online petition collected 42,000 signatures.
  • December 11, 2011, rival domain name registrar Namecheap claimed that GoDaddy was in violation of ICANN rules by providing incomplete information in order to hinder the protest moves of domain names from GoDaddy to Namecheap.
  • December 22, 2011, a thread was started on Reddit, discussing the identity of supporters of the United States Stop Online Piracy Act (SOPA), which included GoDaddy. GoDaddy subsequently released additional statements supporting SOPA. A boycott and transfer of domains were proposed.
    By December 24, 2011, GoDaddy had lost 37,000 domains as a result of the boycott.
  • December 2020, during the COVID-19 pandemic and the associated economic crisis, the company tricked employees into thinking they had earned a bonus of $650; instead, they were told they had failed a phishing test and were required to do social engineering training. After significant media criticism, the company apologised to its staff but did not offer actual bonuses.
  • January 11, 2021, the company deplatformed the web forum AR15.com following the U.S. Capitol attack. GoDaddy told Axios that the action was due to the site’s failure to moderate content “that both promoted and encouraged violence.” The National Shooting Sports Foundation condemned what it called the “de-platforming of gun sites” as a “dark harbinger” for discussion of controversial issues and an “indiscriminate silencing of opinion and debate.”
  • September 2021, the company cancelled a contract with the pro-life group Texas Right to Life, which was running a website encouraging whistleblowing on those who were breaking the Texas Heartbeat Act.

GoDaddy grows up

GoDaddy underwent a major revamp of its image in the mid-2000s, adopting a more grown-up one in an attempt to gain a bigger slice of the Internet domain registrar and hosting business.

In 2013, GoDaddy was reported as the largest ICANN-accredited registrar in the world, four times bigger than their closest competitor.

As of 2018, GoDaddy is the world’s largest web host by market share, with over 62 million registered domains.

It’s not difficult to see why GoDaddy was targeted in this attack. Attacking GoDaddy gives criminals a very large potential secondary victim pool.