The aftermath of the on-going hacks directed at major hosting services continues to cause pain with those trying to clean up and restore their sites.
Once again, we at WPSecurityLock.com want to stress that these attacks are not limited to any one platform or any one hosting company. We have had reports for not only WordPress installations, but Joomla, Pligg and “Simple Machines Forum” as well.
Monday, May 3, 2010, Go Daddy reached out to us to join them on a conference call. Go Daddy security and communications team members participated with our WPSecurityLock team. Be assured that they, as well as the blogging community, are frustrated but persistent on working through these problems.
We at WPSecurityLock want to emphasize that all parties must work together against the common enemy – the malicious hackers. WordPress, Go Daddy, Network Solutions and users with weak passwords are NOT the enemy. The attackers should be the focus, not the attacked.
The following is a statement from Go Daddy Communications:
Go Daddy Cares! Here's some info…
We do take our position as an Internet leader seriously, especially when it comes to security. This is why we are going the extra mile to get the word out. We appreciate your invitation to answer the question, ‘What is Go Daddy doing to help?'
As the world's #1 Web host provider, Go Daddy is a logical target for speculation and misinformation. With this exploitation issue, both the prevention and the cure are not under our control — because the customer decides whether to update the software they run. (If you think about it, it's like forgetting to lock your car and blaming the auto manufacturer when your car is stolen.) Our job is to help identify issues and inform our customers about how they can protect their sites.
This is why we are working to proactively communicate and educate Internet users about this situation.
Here are a few of the initiatives we have going right now.
As a service to our customers and all Internet users:
- Go Daddy scanned our 4M hosted sites to identify sites impacted (we did this immediately upon learning about the issue last week, and again over the weekend).
- Contacting Go Daddy customers impacted by phone and/or email to let them know how to protect their sites (in some cases, we've alerted them even before they realize they are impacted).
- Go Daddy is also taking the leadership role with educational communication — posting Help Articles to our Community & Customer Service pages to provide “1,2,3 Info” on how to properly update software.We'll update the Help Articles as needed and also be posting another Help Article with actual illustrations/screen shots to make the security update process easy for even the most remedial of Web users to follow.
Go Daddy Communications
We at WPSecurityLock are committed to educating our readers and getting the word out that security is no longer optional. Please take your blog and site security seriously and take the steps needed to lock down your blog. Go Daddy is making some strong efforts to keep out the attackers. We hope that GoDaddy.com reaching out to us and directly to their customers becomes a refreshing trend in customer service.
The customers out there are scared, mad and tired of restoring and rebuilding. Your voices are being heard! The tide of comments from you, our readers, has got their attention. Have you heard from Go Daddy? Have they reached out to you?
UPDATE 5/4/2010 at 3:15pm CST: Here's an updated statement from Go Daddy…
All info with Help articles can be found on our Community Page
Go Daddy Communications
UPDATE 5/5/2010 at 3:00pm: We'd like to thank Scott from Go Daddy's IT Security Operations department for speaking at our teleseminar today. The audio replay is now available on the webcast page.
Scott has provided the following helpful links for you:
Upgrading WordPress the “best practice” way:
Form to contact our Security Team:
UPDATE 5/5/2010 at 5:00 pm: We have just uploaded a portion of today's WordPress Security Teleseminar with Scott from Go Daddy. You can listen to the audio by pressing the play button below:
Get Secure! Stay Secure!
REGISTER NOW TO LISTEN TO THE AUDIO REPLAY WITH GO DADDY AND WPSECURITYLOCK!
You can still listen our WordPress Security Teleseminar Replay with special guest, Scott from Go Daddy recorded on May 5, 2010.