GoDaddy apparently uninterested in fixing their security hole

57 points by mvandemar about 15 years ago

9 comments

ihumanable about 15 years ago
tl;dr Sucks to get hacked, GoDaddy is about to lose a customer.

I got hit this morning with the exact exploit mentioned here, I was able to clean out the codebase and get a half-working site back up just so I could close it out properly. I felt awful, I was keeping everything up to date, following security best practices, I couldn't figure out what had gone wrong. This article is making me completely rethink GoDaddy as a host, namecheap will probably be getting my business pretty soon.

What's even more disheartening is that until this point I have never really had a reason to dig into the WordPress code, when I did I found ridiculous "easter eggs" that to my well trained PHP eyes looked like malicious code. It wasn't until I verified that it was release code and was meant to look that way that I realized it wasn't part of the exploit. Take a look at wp-admin/revisions-js.php and tell me it doesn't look like some dirty exploit is hiding in there.
bcl about 15 years ago
And for more reasons not to use GoDaddy - http://nodaddy.com

I moved all of my domains (60+) from them to namecheap after they killed off Fyodor's seclists.org domain without any warning.

Before that I had sampled their virtual domain hosting accounts, and unfailingly found their tech support to be clueless.
schindyguy about 15 years ago
Another wordpress blog hosted on godaddy that got hacked. Luckily, I caught it when it started redirecting and was able to restore the hosting account to a week prior. Coincidentally I was moving my hosting over to media temple that weekend and fortunately didn't move the virus over.

After the headache that godaddy vulnerability caused, they sent me the exact same bullshit about updating wordpress. I have and always have updated wordpress and plugins within days of a new release.

Godaddy is for registering domains only, I learned that the hard way last weekend...

Also, I was in contact with a couple of people making money off of the base64 vulnerability: they have packages specifically for cleaning and securing the install. What's funny is that they have no way of securing it, just temporarily cleaning it until it gets hacked again. The article has some advice and you can check out their services:

http://www.wpsecuritylock.com/cechriecom-com-script-wordpress-hacked-on-godaddy-case-study/
johnkary about 15 years ago
So you found the exploit code, nice work. But you can't actually say how it got there? Prove it's not a WordPress 0day vulnerability allowing the file to be created.

I understand your frustration with being stonewalled by GoDaddy support, but look at it from their end. Unless you can prove it's a vulnerability in their service, why should they take action?
mey about 15 years ago
The issue is affecting WordPress sites, unclear if anything else. I assume not DNS.

Who uses GoDaddy for anything besides DNS?
pierrefar about 15 years ago
This seems to be a trend with GoDaddy: http://blogsearch.google.com/blogsearch?q=godaddy+hack
TallGuyShort about 15 years ago
I'm constantly disappointed in how GoDaddy's treatment of customers has gone down. It used to be really good, but now it's all marketing ploys, sending customers in mazes until they give up, and nickel-and-diming every purchase.
CoachRufus87 about 15 years ago
this is exactly why I switched to namecheap not long ago
known about 15 years ago
I think they lack competencies to fix the bug.