GoDaddy SPAM: Security Incident Impacting Your GoDaddy Web Hosting Account

Questions and discussion about web design, search engine optimisation and hosting
Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-4-29 15:41

I noticed a a few days ago that my SSH passwords had been reset and today I received the following "security" notification:
GoDaddy <donotreply@godaddy.com> wrote:
2020-4-29 15:20
Subject: Security Incident Impacting Your GoDaddy Web Hosting Account

Dear XXXXXX:

We need to inform you of a security incident impacting your GoDaddy web hosting account credentials.

We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account. We have no evidence that any files were added or modified on your account. The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.

We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account.

This incident is limited in scope to your hosting account. Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.

On behalf of the entire GoDaddy team, we want to say how much we appreciate your business and that we sincerely regret this incident occurred. We are providing you one year of Website Security Deluxe and guaranteed malware removal at no cost. These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.

Again, we apologize for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident.

If you have any questions, or you need further assistance, please call +1 (480) 505-8877.

The GoDaddy Security Team
Image
The Einsteins of GoDaddy Security Team have disabled all the basic GNU/LInux commands and utilities for checking what is broken or if something has really happened, but as far as I can tell nobody has done anything on my accounts, not even tried to access them.
Albert Einstein wrote:Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
There was a suspicious link included in the message making it look like yet another spam trying to peddle their useless "products" for clueless customers:

Code: Select all

https://click-email.godaddy.com/6BhOxNSG9fZKHzBoIxMIZy/?currencyId=USD&eid=ocp.email.marketing/SSHNoticeEmergencyGD/body1.RP_Body_Blocks/SSH911Emergency/GoDaddy_Body.link.click&marketId=en-US&redir=https%3A%2F%2Fwww.godaddy.com%2Fhelp%2Fconnect-to-my-web-hosting-account-with-ssh-secure-shell-4943%3Fisc%3Drp2515a%26utm_source%3Dgdredpoint%26utm_medium%3Demail%26utm_campaign%3Den-US_dom_email-nonrevenue_base_gd%26utm_content%3D200429_5606_Customer-Success_Domain-Reg-Domain-Name-Registration_Product_Product-Notification_rp2515a_6BhOxNSG9fZKHzBoIxMIZy
Obviously, I didn't dare to click that "link".



Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-5-1 23:11

And here came the confirmation that resetting my SSH passwords and fabricating a security incident was a malicious marketing campaign to peddle yet another useless crappy "security product":
GoDaddy <donotreply@godaddy.com> wrote:
2020-5-1 22:37
Subject: Your free Website Security Deluxe product is enclosed.

We recently sent you an email about getting one year of Website Security Deluxe at no cost. Here's how you can get the product.

To add Website Security Deluxe to your customer account:

1. Go to our Redemption page and enter the redemption code(s) directly below.

Redemption code(s)*
WSS1-8035-8206-8141

2. After you Submit, log in to your account and confirm your free order.

Once you confirm you'll get an email with instructions on how to activate Website Security, or you can visit this help article.

Thank you for being a customer, we truly appreciate it. And if you ever need help, you can contact our GoDaddy Guides at 480-463-8390.


* Valid one time and expires in one year.
Please do not reply to this email. Emails sent to this address will not be answered.
Copyright © 1999-2020 GoDaddy Operating Company, LLC. 14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260 USA. All rights reserved.
How low can you go, GoDaddy?
Image
Naturally there is no unsubscribe link because I have explicitly forbidden any spam like this. So they circumvent it by staging a "security incident" which they can exploit to spam me. I wonder how many of their customers are falling to these scams without even knowing what is happening.

Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-5-6 07:25

GoDaddy morons are now spamming the same fake marketing bullshit in Finnish, too:
GoDaddy <donotreply_FI@godaddy.com> wrote:
2020-5-5 20:32
Subject: GoDaddy-verkkohotellitiliäsi koskeva tietoturvaloukkaus.

XXXXX,

Havaitsimme äskettäin epäilyttävää toimintaa palvelintemme osajoukossa, ja suoritimme välittömästi tutkinnan. Havaitsimme, että valtuuttamaton henkilö oli päässyt käsiksi kirjautumistietoihisi, joilla hän muodosti yhteyden SSH-protokollaan verkkohotellitililläsi. Meillä ei ole näyttöä siitä, että tiedostoja olisi lisätty tai muokattu tililläsi. Valtuuttamaton henkilö on estetty järjestelmistämme, ja jatkamme tutkimuksia ja toimia palvelujemme turvallisuuden parantamiseksi.

Olemme nollanneet verkkohotellitilisi kirjautumistiedot, ja sinun on seurattava näitä vaiheita päästäksesi taas käyttämään tiliä. Suosittelemme sinulle myös verkkohotellitilisi tarkastamista varotoimenpiteenä.

Tämä tapaus koski vain verkkohotelliasi. GoDaddy.com-asiakastilisi ja sen sisältämät tiedot eivät vaarantuneet eikä tämä vaikuttanut niihin.

Haluamme koko GoDaddy-tiimin puolesta kiittää asiakkuudestasi ja pahoitella tapahtunutta. Hyvitykseksi tarjoamme sinulle maksutta yhden vuoden Sivustosuojaus – Luksus -tilauksen ja taatun haittaohjelmien poiston yhdelle sivustolle. Nämä palvelut suorittavat verkkosivustosi tarkistuksia, tunnistavat mahdolliset haavoittuvuudet ja ilmoittavat niistä. Kun sinulla on tämä palvelu, ongelmatilanteita varten on olemassa erillinen yhteydenottotapa, jolla tietoturvatiimiimme saa nopeasti yhteyden.

Näin lisäät Sivustosuojaus – Luksus -tilauksen asiakastiliisi:

1. Siirry lunastussivulle ja syötä lunastuskoodi(t) suoraan alla olevaan kenttään.

Lunastuskoodi(t)*
WSS0-2212-6451-3352

2. Kun olet valinnut Lähetä, kirjaudu tilillesi ja vahvista ilmainen tilauksesi.

* Vahvistuksen jälkeen saat sähköpostin, jossa on ohjeet Sivustosuojauksen aktivointiin. Löydät ohjeet myös tästä ohjeartikkelista.
Kiitos asiakkuudestasi, arvostamme sitä suuresti. Pahoittelemme vielä tästä mahdollisesti aiheutunutta vaivaa.
Image

No More FuckDaddy

Unread post by No More FuckDaddy » 2020-5-11 10:18

I bought that useless piece of shit security product and now I can not unsubscribe it and next year I will have to pay over 200 dollars. Any ideas where to move my hosting?

Post Reply