How Do Big Companies Like GoDaddy Provide Hosting So Cheap? By Cutting Corners And Putting You At Risk22 Nov 2021
I woke up to this alert this morning from WordFence...
GoDaddy announced this morning that they have been breached. Our team took a deep dive into the breach and found that GoDaddy appears to have stored passwords in plaintext, or in a format that could be reversed back into plaintext, which is not an industry best practice.
We confirmed this by signing into a GoDaddy Managed WordPress Hosting Account and verifying that we were able to view our own sFTP password. That means the attacker didn't need to crack the passwords and could likely retrieve them directly.
According to GoDaddy's own SEC filing: "For active customers, sFTP and database usernames and passwords were exposed."
The attacker had access to GoDaddy's systems for over two months before they were discovered.
We have published a detailed post explaining how customers are affected, and what to do. Please pay special attention to our comments regarding your own customer notification obligations, if your site(s) are affected by this.
Wow. The FTP passwords for 1.2 MILLION GoDaddy customers are now out on the internet. What is worse is that the attacker had access to the passwords for TWO MONTHS before anybody at GoDaddy knew. If those passwords were re-used between other accounts (say, social media or email logins) then a lot of GoDaddy customers are about to have a Very Bad Day.
Here are a few of the steps I take to protect your website from this kind of disaster:
- Any FTP access to AWS servers requires a private, encrypted keyfile as well as a login and password. Unless I have made one specifically for a customer, only I have that keyfile.
- All unnecessary access to AWS servers is disabled so that holes are not left open for attackers.
- Two-Factor Authentication is used on all direct server account access. This means a secret, time-limited code (it changes every 60 seconds) is required on top of a username and password. Even guessing my passwords will not be enough to access the web and database servers at AWS.
It is also important that your website is locked down so it is safe from hacking. These are the steps I take to keep your site and data safe:
- Every WordPress site has WordFence installed. WordFence provides services to check for changes in WordPress core and plugins code to identify if a hacker has made any changes to them (for example, if a hacker tried to install a "back door" or malware). WordFence maintains a list of global attacks and checks for them.
- An external security check is performed nightly on all sites to identify tell-tale signs of malware or hacking. This uses an up-to-date vulnerability database to run tests. This is a two-pronged defense - internal and external - to monitor your site's safety.
And finally, Cloudflare DNS provides these services to keep your website safe:
- The WordPress login page is protected from brute-force attacks by password guessing bots.
- Your website IP address is hidden so that your server can not be targeted directly.
- Denial of Service attacks (DoS or DDoS) are stopped by Cloudflare's edge servers so that your web server can not become overloaded by an attacker or somebody attempting to ransom your site or take control of it.
At GMAC Internet Solutions your website is in safe hands. I don't just make awesome sites that make you look good. I make sure your site never becomes another statistic on an internet that is full of bad actors, hackers and criminals.
If your IT provider suggests using GoDaddy (or any other large hosting provider) to save money then give me a call. IT support people often have out of date knowledge about website-related issues and frankly do not know what they do not know. That's why there are so many data breaches and hacks. There is a better way.
If you would like to know more about how all this works then I am always available to answer any questions. Give me a call or email and I would love to run you through it all. It might get nerdy but that's because I am a big nerd when it comes to internet security.
The internet is a dangerous place. Let me keep your website and its data safe.
GMAC Internet Solutions