I've been getting a ton of people signing up for my GoDaddy hosted WordPress blog the last couple of days. All the email addresses were things like adfa@gmail.com.<p>Usually I get 2 or 3 signups a month. The last 2 days I've gotten 10 to 15 a day.<p>I've kept my WordPress install up to date though and I don't appear to be compromised. I wonder if that was part of the attack.
Someone commented on the posted article that the compromise seems to be from Godaddy itself. What I'm thinking is someone used a vulnerable 3rd party script hosted on a shared server, then somehow got root or escalated privileges and compromised all or most of the sites hosted on the shared server. If the issue was Godaddy itself being hacked, I would assume it would affect all servers, not just the shared one(s).
Does GoDaddy use Fantastico? I know we recently patched our servers for <a href="http://www.1337day.com/exploits/16512" rel="nofollow">http://www.1337day.com/exploits/16512</a><p>Not sure if GoDaddy did (or needs to) do the same.