GoDaddy just sent us an update. I am glad they are now acknowledging that they have a problem and are looking to fix it. They didn’t give more details to avoid revealing too much and helping the attackers.
No more blaming the users! I am glad with this response and hopefully they will find out what is going on and fix it.
“Early into our investigation, Go Daddy noticed a majority of exploited websites were all running WordPress. After feedback from customers, more attacks and more in-depth analysis, we modified our statement to specify the attacks targeted numerous PHP-based applications, which included WordPress.
Transparency is a core value at Go Daddy. We intend to continue our commitment to communications. There are times, however, when publicly revealing too much, such as specific code from the attack, helps the criminals causing the issue.
We are aggressively collecting data to see how the attack is maturing and to discover ways we can help prevent our customers from being impacted and shut down ‘the bad guys’ altogether. Go Daddy is leading an ongoing effort, working with industry security experts and other top hosting providers.
As part of our investigation, Go Daddy is encouraging customer input about their related website issues, which is why we set up a special form: http://www.GoDaddy.com/securityissue.
Look for further updates from Go Daddy on this topic, at http://Community.GoDaddy.com/support
- Todd Redfoot, Go Daddy Chief Information Security Officer”
Transparency is important and hopefully when they find out what happened they will do a full case study so we can all learn from that (or am I dreaming too much?)