Forum Moderators: buckworks & webwork


15,000 Subdomains Taken Down From Hacked Sites

         

engine

11:20 am on Apr 29, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



15,000 subdomains hosted on legitimate, but hacked, sites were taken down following discovery by Palo Alto Networks security researcher Jeff White.
It's believed the hackers used phishing or credential stuffing attacks to access the hosting on GoDaddy.
[zdnet.com...]

JS_Harris

12:22 am on Apr 30, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I think Google is being cautious with sites on GoDaddy today. Accounts and domains that were not affected are reporting traffic at half the pageviews they'd normally expect since late last night.

Whenever an article claims that massive numbers of accounts were "hacked into" I get very sceptical. It would take one person a very, very long time to hack into and update 15,000 sites unless they found an intended back door type of thing.

Something happened, however, and it's nice to see a host act on it when they know.

tangor

6:17 am on Apr 30, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



15k gone? 15,000,000,000,000 more to go. :)

Hackers, meanwhile, will step up their volume.

Whack-a-mole lives!

engine

8:09 am on Apr 30, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



> Whenever an article claims that massive numbers of accounts were "hacked into" I get very sceptical. It would take one person a very, very long time to hack into and update 15,000 sites unless they found an intended back door type of thing.


According to the report, "only hundreds" of accounts were hacked, making it a little easier than hacking 15,000 individual accounts. Also, it's been going on for at least a couple of years.

JS_Harris

11:00 am on Apr 30, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Update: It's not Google being cautious, it was new hacks, lol.

Two good friends of mine each saw their GoDaddy-hosted site traffic cut in half early am on the 29th, or right when GoDaddy was in the middle of "fixing" things. Rankings seemed unchanged but GA definitely confirmed a 50-60% traffic loss.

Upon closer inspection they discovered code in the .htaccess file that redirects search visitors to a PHP file, and that PHP file sends them off to a Russian domain. That Russian domain, however, is registered to someone in France, and the code, once decrypted (yay un-php), had French-language markup, not Russian.

Oddly, the last updated time on the .htaccess file is two weeks prior, yet backups from the day before are clean. Also, the PHP file was first accessed by us last night; somehow whoever uploaded it did not trigger a timestamp for that event with GoDaddy. Neat trick. Both are looking for new hosts this morning.

All coincidence? Passwords changed, they didn't use WordPress, we'll see if it comes back.
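
A detection check for the kind of .htaccess redirect described in the last post, as an added example that is not part of the original thread: it flags any RewriteRule that only fires for visitors arriving from a search engine and sends them to a PHP script or an external URL. The sample rules, the search-engine list and the file name `cache-tmp.php` are constructed for illustration.

```python
import re

# Referrer patterns that mean "visitor arrived from a search engine" (assumed list)
SEARCH_REF = re.compile(r"google|bing|yahoo|yandex|duckduckgo|baidu", re.I)
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

def find_search_referrer_redirects(htaccess_text):
    """Return (line_no, target) for each RewriteRule gated on a search referrer."""
    findings = []
    gated = False  # True while a pending RewriteCond tests for a search referrer
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        cond = COND.match(line)
        if cond:
            pattern = cond.group(1)
            # A negated condition ("!google") excludes search traffic, so skip it
            if SEARCH_REF.search(pattern) and not pattern.startswith("!"):
                gated = True
            continue
        rule = RULE.match(line)
        if rule:
            target = rule.group(2)
            to_php = target.lower().split("?")[0].endswith(".php")
            to_external = re.match(r"https?://", target, re.I) is not None
            if gated and (to_php or to_external):
                findings.append((no, target))
            gated = False  # RewriteCond lines apply only to the next RewriteRule
    return findings

# Constructed sample: one ordinary front-controller rule, one referrer-gated rule
SAMPLE = """\
RewriteEngine On
# legitimate front-controller rule
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# constructed example of a referrer-gated redirect (hypothetical file name)
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule ^(.*)$ /cache-tmp.php?u=$1 [L]
"""

if __name__ == "__main__":
    for line_no, target in find_search_referrer_redirects(SAMPLE):
        print(f"line {line_no}: search-referrer redirect to {target}")
```

File modification times can be reset by whoever wrote the file, so compare the .htaccess content against a known-good backup rather than relying on its last-updated time.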