28,000 GoDaddy SSH Accounts Compromised

Mridul Member

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”

https://www.wordfence.com/blog/2020/05/28000-godaddy-hosting-accounts-compromised/


Comments

  • SmallWeb Member, Provider

    They 'reset these usernames'?


  • Well, a reset is easy, what about patch? If the issue is not found, the attacker will run the scanner anytime he wants.

    Btw, do they still offer ssh access?


  • SmallWeb Member, Provider

    @ZotiMediaGroup said:
    Well, a reset is easy, what about patch? If the issue is not found, the attacker will run the scanner anytime he wants.

    Btw, do they still offer ssh access?

    Looks like their patch was removing an auth file.


  • LTniger Member

    SSH passwords. Long time no see this word combo. Good riddance for GoPappi.


  • cazrz Member

    I think they still offer SSH access on their shared plans.

  • Mavelli Member

    Ah, I remember when I got an email from "Jagex" to become a mod. All I needed to do was to log in to confirm. I was so excited I hopped in and clicked the link in the mail. Only after I logged in, and saw nothing happen when I clicked log in, did I see that the URL link was fake. I hurriedly changed my password. Ever since, I would always check the link address before clicking on links in email.


    Dobl.io!

  • @cazrz said:
    I think they still offer SSH access on their shared plans.

    Only for higher plans

    EVERYTHING IS MUCH BETTER THAN IT WAS 1 YEAR AGO

  • mehargags Member

    Shit happened to one of the shittiest hosting companies in the world... no wonders!!

  • Waqass Member, Provider

    Sometimes this scares me....if big companies like this aren't secure then who is!

  • Mavelli Member

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    I don't think something as big as Google can be breached tho?

    Dobl.io!

  • cazrz Member

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    Just always take extra precautions and always update systems, especially if you provide shared hosting.

  • WSS Member

    @LTniger said:
    SSH passwords. Long time no see this word combo. Good riddance for GoPappi.

  • jsg Member
    edited May 8

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    Uhm, security is not the driver that makes companies grow quickly and into large corporations. Security theater, as Bruce Schneier calls it, however might play a role; the problem is that security theater, unlike real security, will break if attacked.

    @Mavelli said:
    I don't think something as big as Google can be breached tho?

    Google cooks with the same water everyone else uses. Their probably most valuable protection and resource is the fact that they seem to have many really talented and well educated people.

    Thanks no.

  • Waqass Member, Provider

    @cazrz said:

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    Just always take extra precautions and always update systems, especially if you provide shared hosting.

    Tell that to GoDaddy :wink:

  • handyhost Member

    DO got compromised as well.

  • @Mavelli said:

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    I don't think something as big as Google can be breached tho?

    On the other hand they have lost domain names once or twice. Even, briefly, google.com in 2015.

    They too will pass.

  • Waqass Member, Provider

    As long as something is accessible through the internet there is a high possibility it can be breached, depending upon the time and sophistication level of the hacker. I read somewhere an article related to Apple arranging a hacking competition where a bounty was set to hack a fresh installation of their OS and there were quite a few winners :wink:

  • so to say, a server for 28.000 accounts?

  • jetchirag Member

    @ErawanArifNugroho said:
    so to say, a server for 28.000 accounts?

    No. I think it's number of their services which had SSH enabled (if shared hosting).


    ^-^!

  • DataWagon Member, Provider

    Looks like a single shared hosting server got hacked.

  • @Mavelli said:

    @Waqass said:
    Sometimes this scares me....if big companies like this aren't secure then who is!

    I don't think something as big as Google can be breached tho?

    The NSA had 'full' access to Google for years (without asking) because Google didn't encrypt communications between internal Google servers. When the Snowden leaks came out, Google overhauled their intercommunication and protocols to prevent much of that. They've stepped up their game and have found many new types of attacks and discoveries to try and stay ahead of the baddies. But the largest companies also have the problem of having TONS of servers and computers that need constant updates to be protected and there will always be zero day exploits that are only available to state sponsored hackers.

  • Why keep SSH passwords in the first place jesus

  • jar Provider

    I'm most interested in how you lose SSH passwords. Stored in plain text? Shadow file permissions broken? (Don't even think login works if you do that)
