GoDaddy Support

Brute-Force Attacks Continue to Target Customers

Date Submitted: 4-12-2013 by Go Daddy

Not what you're looking for?
We want your feedback!

Over the past several days we have seen a sharp increase of brute-force attacks on our system. These attacks attempt to gain access to customer accounts that have weak passwords.

While these attacks are nothing new – our Security team identifies and defeats dozens of them every day – this current wave is sophisticated and large in scope. Many hosting providers are reporting similar issues this week.

We believe we have mitigated much of the attack, but there is a chance you could be affected as it continues. Because of the security measures we must put in place to address this, some customers have experienced difficulty accessing the admin pages for WordPress® or Joomla!®, while others have had intermittently unresponsive sites because of the attacks.

While we continue to take preventive and active measures to mitigate this attack, there’s also something you can do.

What We’re Doing

Our Security team continues to identify these attacks, down to the IP address, and block anything that looks malicious. Additionally, we’ve installed new features on every single one of our thousands of servers to block these bad actors more quickly.

What You Can Do

Regardless of whether you use WordPress or Joomla! for your website, this worldwide attack could affect you. That’s why it’s imperative that you use strong passwords.

We all know that “password123” is not a wise idea for a password, but neither are dictionary words, your dog’s name, or the name of the street you live on. Attackers have libraries of the most common passwords, and use those lists in attacks like we’re experiencing.

The tougher and more sophisticated your password, the more difficult it will be for an attacker to gain access. See x.co/strongpass for more information on creating a strong password.

And remember, if you use the same password for your hosting that you do for your bank account, an attacker could compromise much more than your website. Make sure your passwords are unique for all your accounts.

Thanks for your patience while we fight these attackers.

15 Comments on "Brute-Force Attacks Continue to Target Customers"

  • by skynetxd on April 12th, 2013

    Godaddy please do our best to stop this! I trust in godaddy STAFF!

  • by julescrafter on April 12th, 2013

    Thank you for the explanation. I hope it will resolved soon.

  • by freedomhealth on April 12th, 2013

    We have been able to access WordPress admin for two days now. When may we expect to get access? This has not been resolved for our site.

  • by marktehira on April 12th, 2013

    I am having problems launching my new email account. I have just signed up and it show an alert message…pending validating mx records, I have been waiting for this to validate or whatever needs to happen for almost 48 hours – I cannot launch anything or change anything.
    I was under the impression that I would be up and running with this email client straight away as I have a website hosted with another web client.
    Able to sort this out as I am becoming increasingly aware that godaddy isn’t a valid and upstanding host.

  • by unpleasant on April 13th, 2013

    is this why FTP is not working? i just signed up because i heard this was good, cant even access FTP

  • by jude_boomvire on April 16th, 2013

    my website has been down for days. may i know whether it is due to this reason, and when will my service be resumed. thanks

  • by wsmg on April 16th, 2013

    I can’t get into site – the site itself or my wp log in in order to change my pw. what is the solution TODAY? It’s been w days. No one seems to be able to help. the go daddy phone rep said something to the effect of “It’s for my own good” but how am i able to resolve this?

  • by tex_shoemaker on April 16th, 2013

    So when will I be able to go to my quick shopping cart to get my orders? This is costing us money everyday, not to mention the customers that are calling with questions on their orders.

  • by waterguy on April 16th, 2013

    What about services such as Incapsula?
    I started to sign up but in order to do so, I was told:

    “Please point http://www.mywebsite.com DNS records to Incapsula why?
    The DNS for http://www.mywebsite.com is handled by Godaddy.com.
    Follow these simple steps to perform the changes to the domain’s DNS records (Zone File):

    Update the A record for “[mywebsite].com” (naked/bare domain)
    pointing it to 199.83.131.5
    Add another A record for “[mywebsite]” (naked/bare domain)
    pointing it to 199.83.133.244

    Create or update the CNAME record for “www.[mywebsite].com” so that it points to cs6kz.x.incapdns.net

    My question is, can we do this and is there any problem or potential problem associated with doing this?

  • by gunnshow on April 16th, 2013

    it doesnt help either that half the passwords you type in are limited to 14 characters.

  • by krsnaknows on May 6th, 2013

    Godaddy – am having terrible time for the last 1 month accessing my site and also it ending up in Server Hangup everytime i try to login…am not able to do any changes to my site and nor the visitors are able to access it when it is required

    my site is http://www.krsnaknows.com
    Pls let me know as i cannot be having this issues continued forever and slowing losing hope
    pls do the needful

  • by nohelp on May 7th, 2013

    No support, i start planning go aways!!! After many days to try.

  • by ty86505 on May 30th, 2013

    Go Daddy, Please take a good long look at my website:, http://www.rezbandz.com.
    I’ve ask for help several times because I believe my website was hacked. Your support staff must only have limited resources to help your customers. I need my website back to it’s original state. Can you please respond with a quit courteous fix. I’ve been a loyal customer since 2006, if that helps.

  • by webdeveloperdl on July 8th, 2013

    One of my 2 websites is being affected – not by the attacks but by the measures GoDaddy has put in place to stop them!!!

    I use AJAX – a lot – in fact the entire website loads all content using an AJAX request. I’ve noticed that the first 2 or 3 AJAX requests work just fine. After that they stop working. I get an immediate successful response but the response is empty! Meaning the responseText has a length of 0. I am 100% sure that the AJAX requests are not going to my site at all at this point.

    So my website is essentially killed. Not by the attackers. By GoDaddy. I cannot get GoDaddy support to do anything about it either. I’ve spent DAYS on the phone with GoDaddy support and all I get after hours of waiting is someone pointing me to a web page that teaches you how to code an HTML anchor tag! Seriously!

    Has anyone else had their website killed?

    BTW I have another website on GoDaddy that uses AJAX and it’s working just fine.

  • by bobpasky on July 26th, 2013

    Not sure if this is related, but…
    I manage three different sites on GoDaddy and all of them were hacked.
    My *.js files were all replaced with files that were a couple of hundred bytes longer, and with a modified date of July 21, 2013.
    Whatever was done to them caused the Javascript to stop working.

    Fortunately, I was able to fix the sites by re-uploading the correct .js files.

    Surely, I can’t be the only one who was affected.

    – Bob

On April 16, 2014 you said:

NEED HELP? Call our award-winning support team 24/7 at (480) 505-8877
Submit

United States - English
Traffic Log Image