An attacker gained access to the provisioning system for GoDaddy’s managed WordPress service
Wait, doesn’t Wordpress itself hash passwords? How the hell did they fuck this up?
Apparently it was the database and sFTP passwords that were exposed.
Doesn’t SSH hash passwords too?!
Yeah…but it looks like they were storing the passwords to connect to the sFTP service!!
Sigh. And the worst part is that nearly ever major web framework has a well known library for securely storing passwords.
Honestly, no one should be using GoDaddy (or Bluehost, domain.com, etc). Ever. They’re only big and well known because of unethical practices. Use a local hosting company whenever possible (also usually much more affordable since they have to find ways to compete with the big names, and usually offer expert support since the server staff/owners themselves usually do the support due to limited funding).
deleted by creator
That doesn’t look local, looks more like a national company. But I don’t speak the language.
I meant specifically the typical local techie who runs an open source server solution for the local businesses and hobbyists.
deleted by creator
I warn everyone I know to avoid GoDaddy. Mostly because of their shady billing practices and their confusing proprietary management software. I guess poor security can be added to my list.
