Tag Archives: GoDaddy

Popular web domain name service provider GoDaddy has confirmed that intermittent redirects were happening on seemingly random websites hosted on its cPanel shared hosting servers. 

After receiving customer complaints in December 2022 about their websites being intermittently redirected, GoDaddy investigated and found that an unauthorized third party had gained access to servers in its cPanel shared hosting environment and installed malware which led to the intermittent redirection of customer websites. The situation has been remediated and security measures implemented to prevent future infections. 

In a regulatory filing to U.S. Securities and Exchange Commission (SEC), popular web domain name service provider GoDaddy has confirmed that the company suffered a multi-year security…

GoDaddy also faced security events from 2020 to 2022, which it shared were carried out by the same attacker.
| Photo Credit: Special Arrangement

An unauthorised third party gained access to GoDaddy, a web host, domain registrar and website building platform’s, servers in its cPanel shared hosting environment and installed malware causing intermittent redirection of customer websites, the platform shared in a blog post.

The breach was first discovered in December 2022 after the platform investigated customer complaints about their sites being used to redirect to random domains.

The company claims that a sophisticated threat actor group, among other things, installed malware on its systems and obtained pieces of code related to some services in the Dec. 2022 attack.

The company also…

An unknown threat actor has been sitting in GoDaddy’s systems for years, installing malware, stealing source code, and attacking the company’s customers, the web hosting giant confirmed in an SEC filing late last week. 

Per the filing (opens in new tab) (via BleepingComputer (opens in new tab)), the attackers breached GoDaddy’s cPanel shared hosting environment and used that as a launch pad for further attacks. The company described the hackers as a “sophisticated threat actor group”.

The company believes a “sophisticated and organised” group targeting hosting services was responsible for the attack.

GoDaddy is one of the largest domain registrars and web hosting services in the world, with more than 20 million customers worldwide.

The firm said some customers complained about websites being intermittently redirected in early December 2022.

Upon investigation, the company found the issue was affecting random websites hosted on GoDaddy’s cPanel shared hosting servers.

GoDaddy found that an unauthorised third party had gained access to its servers in the cPanel shared hosting environment, and had also installed malware causing the intermittent redirection.

As is standard, the company remediated the situation and implemented new security measures.

While it discovered…

In brief Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020.

The business took the unusual step of detailing the attacks in its Form 10-K – the formal annual report listed entities are required to file in the US.

The filing details a March 2020 attack that “compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel” and a November 2021 breach of its hosted WordPress service.

The latest attack came in December 2022, when boffins detected “an unauthorized third party…