Big Go-Daddy hosting attack



In what feels like a continuation of recent bad news related to major hacks and data losses…..George Ou reports on a BIG hack of GoDaddy hosting customers. There was also a big hack-athon by Turkish hackers over the last week that will be recorded as the biggest mass-web-site-defacement on record… There seems to be a lot of GoDaddy customers hacked by the very same method….


38,500 sites were defaced in a single day by hacker iSKORPiTX who used an automated mechanism to attack what appeared to be an exploit in a sloppy implementation of ASP code (more than 21,000 sites listed here). But when I dug a little deeper (and courtesy of reader Toadlife’s link), it appears that the exact same type of hack by the same hacker using the same exploit may have happened over a year ago to a GoDaddy ASP hosting customer in April of 2005. When I randomly sampled and inspected 40 of the defaced sites in the massive list, nearly everyone one of them were being hosted by GoDaddy hosting services.

It goes on…. he found a user in Lockergnomes forums that had a hacked site and has his correspondance which threw the blame to an unpatched vulnerability in Microsoft’s IIS….

Within one week of signing up for a $10 GoDaddy Deluxe Windows IIS hosting account I noticed a file in an “SSFM” subdirectory on my FTP / website. I did not create the directory or the file. The file itself read “HACKED BY iSKORPiTX” and had a Turkish flag and some other language on it. GoDaddy claimed that the SSFM subdirectory was required by their servers (so I couldn’t just delete it & be done with it) and, in regards to the hack itself, said:
Thank you for contacting Hosting Support.

This email is in regards to the issue that you escalated on xx xxxxx 2005. The ssfm hack is not something we can really defend against. It is a vulnerability in the Microsoft IIS webserving system. As Microsoft uses closed source software, we are dependant on them for a fix to this issue. They have not, as of yet, issued a patch for this vulnerability. Rest assured that your passwords have not been compromised. The attacker does not need these to insert his file into the account as it is done through a hole in the IIS system (and this is the only directory that they would have access to).
If you have any other questions or concerns please feel free to contact our customer support team.
Sincerely,
Advanced Support

A Google search did not reveal anything useful. Anybody know what SSFM is for, or have any more info that could help me shed a light on this? Other than this I have been happy with the company in the brief time I’ve used them.

The kicker is the forum post was from April of 2005 – so the identical hack (to this latest wave) has been in practice for over a year. George talked to GoDaddy and it sounds like he went in circles and is waiting to hear from Microsoft. He has now heard from Microsoft who says that it’s not an ASP flaw… it’ll be interesting to see if this is something in Godaddy’s hosting software, or just sloppy ASP programming as originally claimed….

Related Posts

Blog Traffic Exchange Related Posts
  • Exploits in the wild and other news After perusing the Sans.org handlers diary, there are a few things brewing that should be known. Exploits are in the wild for some of the vulnerabilities addressed by this weeks Microsoft patchfest. There is a Veritas Backup Exec vulnerability and it appears that the Beta of Vista has a network......
  • IE 7 INCOMPATIBLE with WORDPRESS blogs using the stattraq plugin I've FINALLY tracked down what was causing the issue with displaying my page in Internet Explorer 7 (RC1). It turns out that the stattraq plugin in wordpress (stattraq site) is part of the problem. Now, I don't understand exactly WHY... because I do have stattraq on each of the sites,......
  • Asheville based Web Design, VPS Hosting and SEO Services [/caption] Change is constant. The last couple of years I have been doing less onsite computer service. Health has been one large reason for that. I have been focusing on other things though. One of the things that I've been working on is now going live. I've redesigned my web......
Blog Traffic Exchange Related Websites
  • Web Hosting Packages And How To Get More Value For Money From Them It is a real shame but a lot of us fail to get good value for money from our web hosting packages. And this is not something that we can blame on our web hosting providers because they have plenty of extra options available but we just don't make the......
  • A Web Hosting Business Can Make The Difference Between Achievement And Failure A world wide web hosting business needs to be capable to provide numerous innovative characteristics such as high-end hosting to leverage the very best in technological developments and ought to be able to provide diverse hosting methods. It should be possible for customers to take benefit of their own diverse......
  • Outlining The Main Contrasts Between UK And US Web Hosting Website marketing is the current trend of modern business. It seeks to exploit online resources to reach out to the public. Websites are used to educate and relay specific information to internet surfers. The process of developing sites is a long one and requires a lot of planning and expertise.......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site