Bleeping Computer: Hundreds of GoDaddy-hosted sites backdoored in a single day. “Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy’s Managed WordPress service, all featuring an identical backdoor payload. The case affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress.”
Search Engine Journal: Data Breach Spreads To Six Web Hosts. “The GoDaddy data breach that affected up to 1.2 million web hosts has expanded to six more web hosts serving customers worldwide. The six additional compromised web hosts are resellers of GoDaddy’s hosting services. The extent of the intrusion appears to be the same as with GoDaddy, with matching dates of when the security intrusion began.”
ZDNet: Over a million WordPress sites breached. “WordPress is far more than just blogs. It powers over 42% of all websites. So whenever there’s a WordPress security failure, it’s a big deal. And now GoDaddy, which is the top global web hosting firm with tens of millions more sites than its competition, reports that data on 1.2 million of its WordPress customers has been exposed.” This looks really bad.
ZDNet: GoDaddy takes down 15,000 subdomains used for online scams. “Web hosting provider and domain registrar GoDaddy has taken down more than 15,000 subdomains that were being used as part of a spam operation that lured users on web pages selling fake products.”
Ars Technica: GoDaddy weakness let bomb threat scammers hijack thousands of big-name domains. “Remember the December 13 email blast that threatened to blow up buildings and schools unless recipients paid a $20,000 ransom? It triggered mass evacuations, closures, and lockdowns in the US, Canada, and elsewhere around the world. An investigation shows the spam run worked by abusing a weakness at GoDaddy that allowed the scammers to hijack at least 78 domains belonging to Expedia, Mozilla, Yelp, and other legitimate people or organizations.”
ZDNet: AWS error exposed GoDaddy business secrets. “Cybersecurity firm UpGuard’s Cyber Risk Team said on Thursday that a set of documents were left in an Amazon S3 bucket which was available to the public. GoDaddy is a domain name registrar and hosting provider which caters for millions of customers worldwide.”
GoDaddy has launched a search engine for emoji domain names. “Technically, emoji domains have been around for years. GoDaddy provides a timeline on its search site. But they were difficult to search for and required some understanding of how the domain name system handles characters. (If ASCII or Punycode mean anything to you, you probably already knew about emoji-based domains.) GoDaddy’s site aims to make it easy for anyone with a phone to find available emoji domains.”