As CtWatchdog.com came under a malware attack last weekend, I had an opportunity to witness first-hand how the largest web hosting company in the country – GoDaddy.com – handles such sensitive and time-critical issues. The view was not pretty.
GoDaddy officials Thursday said they were aware that several sites the company hosted had been under attack by the “Hilary Kneber” group since at least last Saturday. They said they had been working as fast as possible to get rid of the virus and keep their customers informed. They insisted that my site was cleared of any virus and that malware was found on only two databases GoDaddy hosted for us, which we used for backups and testing. No malware was actually found on the CtWatchdog site, they said. Those databases are not connected to CtWatchdog.
However, from Sunday through Wednesday, every one of the more than 15 technical advisers and at least four supervisors whom our webmaster, Ted Funsten, and I talked to denied having knowledge that GoDaddy sites were under attack.
In fact all – including at least three members of their security division – said they were unaware of any virus attacks similar to what CtWatchdog was experiencing. During every conversation they assured me that they had found no malware on CtWatchdog.com and had reported that to Google.
As of Wednesday night, Joshua, a security division supervisor at GoDaddy, said he was unaware that GoDaddy-hosted sites had been subjected to virus attacks similar to what I had described to him we had found at CtWatchdog.
I pointed out to him that the issue had been reported Saturday on the Internet by Sucuri.net, a firm that specializes in getting rid of viruses. It was on that site that on Tuesday I first learned of the nature of the attack. I had signed up for the virus protection from Sucuri on Tuesday when it became clear to me that GoDaddy was not providing us the necessary information or help.
“It seems that after a few months quiet, the ‘Hilary Kneber’ group is back at it again. Their latest approach is very typical of Hilary Kneber style attacks affecting GoDaddy shared hosts. Basically they modify every PHP file and the database to make sure every page in the infected site is loading malware,” says the Saturday posting.
Anyone going to the home page of CtWatchdog.com would have been unaware of the attack other than the lede blog on the page warning readers that we were under attack.
It was only by clicking on a story that a popup warning appeared. Instead of the story, a warning from Google appeared saying that going beyond that point could infect a computer. I foolishly failed to heed the warning as I wanted to make sure it was real. As a result my PC crashed and I am in the process of rebuilding it.
From Sunday – when it was first clear that we were under attack – until today, only one person at GoDaddy gave us a straight answer.
After being assured late Monday or early Tuesday that CtWatchdog was not a threat to any readers and Google had taken the site off the virus list, we were still seeing warning popups. I called GoDaddy Tuesday afternoon.
Terry answered the phone and told me the same story that Ted and I had been hearing since Sunday – no malware had been found on your site. I asked Terry to go to the actual site and try to view a column to determine if the popup warnings were still there.
She refused. I asked her why. She said, “security.”
I frankly had trouble believing it and insisted on an explanation. Terry told me that when she had been on CtWatchdog.com on Monday – apparently answering Ted’s questions – her computer became infected and she was afraid to return to the site.
On Wednesday afternoon I received a voice-mail message from “Mike” telling me that “abnormal code” was found on the databases and had been cleaned up. Yet even after his call I saw a popup warning. That is when I talked with Joshua, who actually helped me restart the website. He spent at least three hours with me attempting to figure out the issues. In the end he said he was turning the issue over to the hosting department because they were more knowledgeable about my platform. He said he would instruct them to reset my site to where it was on Feb. 18, before the virus struck.
When I woke up this morning, instead of Feb. 18, my site was restored to last May. Ted and I have been rebuilding the site and hopefully everything will be back to normal in another day or two.
GoDaddy spokesman Phil Stuart conceded today that several sites on GoDaddy were attacked by the malware and said he would look into the complaints I had with his company.
He promised to call me back at 5 p.m. to discuss what he had learned. Stuart did not call back, but Brian Goble, a member of the Office of the President at GoDaddy, did.
Goble said he wanted to be “totally transparent” with me, admitting that his company was aware of the attack and conceding that “parts (of GoDaddy’s interactions with Ted and myself) could have been handled better.”
He said it appears there was miscommunication, but denied any of the 20 people we spoke to lied to us.
Goble had no explanation for why Terry told me her computer was struck by a virus after going to CtWatchdog and said even when he finds out he won’t be able to tell me. Nor will he be able to tell me what other improvements the company will make as the result of my complaints.
However, Goble insisted that several security teams were aware of the malware attacks.
“I can assure you they were aware,” he said.
His only explanation for why the 20 people Ted and I talked to denied knowledge of the attacks was because they were not permitted to discuss other clients’ issues.
He offered me three months of free hosting and three months of free virus protection.
I told him we would be moving CtWatchdog to a more responsible hosting firm and would not need the additional hosting.
As far as his virus protection, I told him we had already had a taste of how well it works.