Alerts from Wordfence and a press release from GoDaddy informed me of what I already knew. Security flaws let the bad guys in to get the data goods from their website hosting clients. Login credentials were compromised to install malware on some websites and enough proprietary data was stolen to send a ton of fake or phishing emails to exposed contacts.
The infection hit GoDaddy’s WordPress hosting clients including resellers such as Media Temple, 123Reg, and Domain Factory.
Mass DIY website providers have been a pain in my butt for almost 30 years in the managed hosting business. It takes a commitment not common among the DIY’ers to keep websites clean.
Most have a passion or a business they want connected to the web. Many lose interest after the design stage because they’re too involved in their ventures to spare the time. Too many websites are abandoned because the passion was lost or the business failed. But the applications code necessary to run the website is left connected for all those who exploit vulnerabilities.
DIY websites without diligence to security and maintenance create havoc on the web. GoDaddy’s revenue model offers a low entry price to the web that makes a profit whether websites are built and maintained properly or not.
There is not a website on an eWorldLinx server that is not monitored and maintained close to minimize threats to data and performance. Most of our websites were built by us. All applications are kept updated whether we built the website or not. Every couple of years we upgrade to new servers for performance and security.
GoDaddy is plugging their security holes and changing passwords to administrative functions. So until the next time they’re sounding the all is clear signal.
If you have a website keep it clean from bad actors. Protect your passion or business and your customers, too.