28,000 GoDaddy SSH Accounts Compromised

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”

https://www.wordfence.com/blog/2020/05/28000-godaddy-hosting-accounts-compromised/

Comments

  • They 'reset these usernames'?

  • Well, a reset is easy, what about a patch? If the issue is not found, the attacker will run the scanner anytime he wants.

    Btw, do they still offer ssh access?

  • @ZotiMediaGroup said:
    Well, a reset is easy, what about a patch? If the issue is not found, the attacker will run the scanner anytime he wants.

    Btw, do they still offer ssh access?

    Looks like their patch was removing an auth file.

  • Levi Member

    SSH passwords. Long time no see this word combo. Good riddance for GoPappi.

  • cazrz Member

    I think they still offer SSH access on their shared plans.

  • Mavelli Member

    Ah, I remember when I got an email from "Jagex" to become a mod. All I needed to do was to log in to confirm. I was so excited I hopped in and clicked the link in the mail. Only after I logged in, and saw nothing happen when I clicked log in, did I see that the URL link was fake. I hurriedly changed my password. Ever since, I would always check the link address before clicking on links in email.

  • @cazrz said:
    I think they still offer SSH access on their shared plans.

    Only for higher plans

  • Shit happened to one of the shittiest hosting companies in the world... no wonder!!

  • HostMayo Member, Patron Provider

    Sometimes this scares me....if big companies like this aren't secure then who is!

  • Mavelli Member

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    I don't think something as big as Google can be breached tho?

  • cazrz Member

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    Just always take extra precautions and always update systems, especially if you provide shared hosting.

  • WSS Member

    @LTniger said:
    SSH passwords. Long time no see this word combo. Good riddance for GoPappi.

  • jsg Member, Resident Benchmarker
    edited May 2020

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    Uhm, security is not the driver that makes companies grow quickly and into large corporations. Security theater, as Bruce Schneier calls it, however might play a role; the problem is that security theater, unlike real security, will break if attacked.

    @Mavelli said:
    I don't think something as big as Google can be breached tho?

    Google cooks with the same water everyone else uses. Their probably most valuable protection and resource is the fact that they seem to have many really talented and well educated people.

  • HostMayo Member, Patron Provider

    @cazrz said:

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    Just always take extra precautions and always update systems, especially if you provide shared hosting.

    Tell that to GoDaddy :wink:

  • handyhost Member, Host Rep

    DO got compromised as well.

  • @Mavelli said:

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    I don't think something as big as Google can be breached tho?

    On the other hand they have lost domain names once or twice. Even, briefly, google.com in 2015.

    They too will pass.

  • HostMayo Member, Patron Provider

    As long as something is accessible through the internet, there is a high possibility it can be breached, depending upon the time and sophistication level of the hacker. I read somewhere an article related to the Apple company arranging a hacking competition where a bounty was set to hack a fresh installation of their OS, and there were quite a few winners :wink:

  • so to say, a server for 28.000 accounts?

  • @ErawanArifNugroho said:
    so to say, a server for 28.000 accounts?

    No. I think it's the number of their services which had SSH enabled (if shared hosting).

  • DataWagon Member, Patron Provider

    Looks like a single shared hosting server got hacked.

  • @Mavelli said:

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    I don't think something as big as Google can be breached tho?

    The NSA had 'full' access to Google for years (without asking) because Google didn't encrypt communications between internal Google servers. When the Snowden leaks came out, Google overhauled their intercommunication and protocols to prevent much of that. They've stepped up their game and have found many new types of attacks and discoveries to try and stay ahead of the baddies. But the largest companies also have the problem of having TONS of servers and computers that need constant updates to be protected and there will always be zero day exploits that are only available to state sponsored hackers.

  • Well... they are not the first and definitely not the last...

  • D-man Member

    Why keep SSH passwords in the first place jesus

  • jar Patron Provider, Top Host, Veteran

    I'm most interested in how you lose SSH passwords. Stored in plain text? Shadow file permissions broken? (Don't even think login works if you do that)
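
Added example, not part of the thread or of GoDaddy's statement: a host-side check for the two things the notice and the comments above turn on, whether sshd still accepts passwords and whether an `authorized_keys` file holds keys nobody approved. The function names, the allowlist of fingerprints, and all sample inputs are constructed for illustration; `Include` files and `Match` blocks are not evaluated.

```python
import base64, hashlib, re, struct

KEY_RE = re.compile(r"(?:^|\s)(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521))"
                    r"\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")

def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def effective_setting(config_text: str, keyword: str, default: str) -> str:
    """Global value sshd uses: the first occurrence of a keyword wins."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == "match":   # simplification: global section only
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return default

def unknown_keys(authorized_keys: str, allowed: set) -> list:
    """(line number, fingerprint, comment) for each key not in `allowed`."""
    found = []
    for n, raw in enumerate(authorized_keys.splitlines(), 1):
        m = KEY_RE.search(raw.strip())
        if raw.lstrip().startswith("#") or not m:
            continue
        fp = fingerprint(m.group(2))
        if fp not in allowed:
            found.append((n, fp, m.group(3) or ""))
    return found

def _sample_key(seed: bytes) -> str:
    # Constructed blob in the ssh-ed25519 wire layout; not a real key.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)
    return base64.b64encode(blob + hashlib.sha256(seed).digest()).decode()

# Constructed sample inputs (no real host, user, or key material).
KNOWN, UNLISTED = _sample_key(b"deploy"), _sample_key(b"unknown")
SSHD_CONFIG = "#PasswordAuthentication no\nPasswordAuthentication yes\nPasswordAuthentication no\n"
AUTHORIZED_KEYS = (f"ssh-ed25519 {KNOWN} deploy@ci\n"
                   f'from="192.0.2.10" ssh-ed25519 {UNLISTED} backup\n')

if __name__ == "__main__":
    print("PasswordAuthentication:", effective_setting(SSHD_CONFIG, "PasswordAuthentication", "yes"))
    print("unexpected keys:", unknown_keys(AUTHORIZED_KEYS, {fingerprint(KNOWN)}))
```

The sample config shows why a later `PasswordAuthentication no` is not enough on its own: sshd keeps the first value it reads, and its default when the keyword is absent is `yes`.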
