If You're Using Godaddy Wordpress You're F*ked.

gordo12 (Experienced, joined Sep 9, 2011, 3,067 posts)
https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/

1.2 million accounts with passwords stored improperly and breached, giving access to install malware and bad plugins on their hosted WordPress sites. The hacker(s) had access for over two months.

I've been around long before GoDaddy started and refuse to deal with them. There are screwups in their systems that go back years now and have not been corrected. When I have customers that insist on dealing with GoDaddy, they get a warning letter that the transaction will NOT be completed properly and that is THEIR problem, not ours. They still have to pay. :rolleyes:

There are a few things you can do (outlined in the article) if you're developing a blog or book sales site.
 

Thanks for the heads-up. I came close to using them for 2 WordPress sites I own, but at the last minute, changed my mind in favor of another organization that specializes in nothing but WordPress.

I have 2 domains registered with GoDaddy, but haven't attached any web pages to them, so I hope to be okay...
 
Update: the problem has spread as several registrars/resellers associated with GoDaddy have used the same password system.

"We have received confirmation from GoDaddy that the breach has widened to GoDaddy Managed WordPress resellers that include tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe."

Hopefully, none of you are dealing with any of them.
 
"GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices."

FFS. There is no excuse for companies still storing plaintext passwords in 2021, it's just blatant negligence. I hope they get expensively sued for that and I hope it keeps happening until people learn not to do this "key under the front doormat" bullshit.
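For anyone wondering what "stored in such a way that the plaintext could be retrieved" versus "salted hashes" looks like in code, here is an added illustration (my own example, not GoDaddy's code or anything from the Wordfence article; the reversible base64 scheme is a constructed stand-in for whatever they actually did, and the record layout for the hashed form is my own choice). The first pair of functions shows why a breached credential table built this way hands the attacker every password; the second pair stores a per-user random salt plus a memory-hard scrypt digest, so the stored record cannot be turned back into the password and the same password never produces the same record twice.

```python
"""Reversible credential storage beside the salted-hash form (added example)."""
import base64
import hashlib
import hmac
import os

# ---- the anti-pattern: a record that yields the plaintext back ------------
# Constructed stand-in for "could be retrieved"; base64 is an encoding, not a hash.

def store_reversible(password: str) -> str:
    """Whoever reads the credential table gets the password back with one call."""
    return base64.b64encode(password.encode()).decode()


def recover_plaintext(record: str) -> str:
    """What an attacker with read access to the table does with each row."""
    return base64.b64decode(record).decode()


# ---- the corrected form: per-user salt + memory-hard hash (scrypt) --------
# Parameters are an assumption for this example; tune to your hardware budget.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # 16 MiB of memory per guess
SALT_LEN = 16
DKLEN = 32


def store_hashed(password: str) -> str:
    """Return a self-describing record: algorithm, parameters, salt, digest.

    Embedding the parameters lets you raise the cost later and re-hash users
    on their next login without a flag day.
    """
    salt = os.urandom(SALT_LEN)           # fresh random salt per user
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return "$scrypt$n=%d,r=%d,p=%d$%s$%s" % (
        SCRYPT_N, SCRYPT_R, SCRYPT_P,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_hashed(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt/params and compare in constant time."""
    try:
        _, algo, params, salt_b64, digest_b64 = record.split("$")
        kv = dict(item.split("=") for item in params.split(","))
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except ValueError:
        return False                      # malformed record: fail closed
    if algo != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode(), salt=salt,
                               n=int(kv["n"]), r=int(kv["r"]), p=int(kv["p"]),
                               dklen=len(expected))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def is_reversible_record(record: str) -> bool:
    """Quick triage for a dumped table: does the row decode to the password
    without any secret? True for the base64 scheme above, False for the
    salted-hash record (which is not valid base64 as a whole)."""
    try:
        base64.b64decode(record, validate=True)
        return True
    except (ValueError, Exception):
        return False


if __name__ == "__main__":
    pw = "correct horse battery staple"        # constructed sample password
    bad = store_reversible(pw)
    good = store_hashed(pw)
    print("reversible row :", bad, "->", recover_plaintext(bad))
    print("hashed row     :", good)
    print("verify ok/bad  :", verify_hashed(pw, good), verify_hashed("wrong", good))
```

The point of the comparison is the breach scenario in this thread: with the first scheme, the attacker who read the table for two months also had every sFTP password; with the second, they have digests they must brute-force one expensive guess at a time, and users who rotate their passwords are safe the moment they do. Public-key authentication for SFTP sidesteps the problem entirely because the server never holds anything that can be replayed as the client's secret.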
 