28,000 GoDaddy SSH Accounts Compromised
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
https://www.wordfence.com/blog/2020/05/28000-godaddy-hosting-accounts-compromised/
Comments
They 'reset these usernames'?
Well, a reset is easy, what about patch? If the issue is not found, the attacker will run the scanner anytime he wants.
Btw, do they still offer ssh access?
Looks like their patch was removing an auth file.
SSH passwords. Long time no see this word combo. Good riddance for GoPappi.
I think they still offer SSH access on their shared plans.
Ah, I remember when I got an email from "Jagex" to become a mod. All I needed to do was to log in to confirm. I was so excited I hopped in and clicked the link in the mail. Only after I logged in, and saw nothing happen when I clicked log in, did I see that the URL link was fake. I hurriedly changed my password. Ever since, I would always check the link address before clicking on links in email.
Only for higher plans
Shit happened to one of the shittiest hosting companies in the world... no wonder!!
Sometimes this scares me....if big companies like this aren't secure then who is!
I don't think something as big as Google can be breached tho?
Just always take extra precautions and always update systems, especially if you provide shared hosting.
Uhm, security is not the driver that makes companies grow quickly and into large corporations. Security theater, as Bruce Schneier calls it, however might play a role; the problem is that security theater, unlike real security, will break if attacked.
Google cooks with the same water everyone else uses. Their probably most valuable protection and resource is the fact that they seem to have many really talented and well educated people.
Tell that to GoDaddy
DO got compromised as well.
On the other hand they have lost domain names once or twice. Even, briefly, google.com in 2015.
They too will pass.
As long as something is accessible through the internet there is a high possibility it can be breached, depending upon the time and sophistication level of the hacker. I read somewhere an article related to Apple arranging a hacking competition where a bounty was set to hack a fresh installation of their OS, and there were quite a few winners.
so to say, a server for 28.000 accounts?
No. I think it's the number of their services which had SSH enabled (if shared hosting).
Looks like a single shared hosting server got hacked.
The NSA had 'full' access to Google for years (without asking) because Google didn't encrypt communications between internal Google servers. When the Snowden leaks came out, Google overhauled their intercommunication and protocols to prevent much of that. They've stepped up their game and have found many new types of attacks and discoveries to try and stay ahead of the baddies. But the largest companies also have the problem of having TONS of servers and computers that need constant updates to be protected and there will always be zero day exploits that are only available to state sponsored hackers.
Well... they are not the first and definitely not the last...
Why keep SSH passwords in the first place jesus
I'm most interested in how you lose SSH passwords. Stored in plain text? Shadow file permissions broken? (Don't even think login works if you do that)