These attacks are being done by the same group. In the last few weeks, they used:
http :// www.indesignstudioinfo. com
http :// zettapetta. com
http :// holasionweb. com
http :// www. losotrana. com
All of them registered by the same person (and hosted at the same IP). I had my share of problems with GoDaddy, but let's not forget that they are victims as well.
And it would be almost kind of ok if they actually said, hey, we're victims here too... instead of their actual ongoing response to their customers of "it's not our problem".
Yes, publicly they are making some (very limited) concessions that this is an issue they need to deal with, but I am still hearing about customers getting 0 help from GoDaddy's support. Even when they did admit to the problem not being the customer's faults they tried watering it down with "well, look... it's not just us. Other hosts got hit too".
The other hosts, however, aren't laying claim to being the "world's largest hosting provider", nor are they spending millions on the next Super Bowl commercial that might better be spent on, oh, I don't know... maybe fixing the problem...?
It common knowledge that shared servers at GoDaddy never have been anything better than average, but a lot of people think that GoDaddy still is the place to go for domains. Trust me, there are a lot of better options out there.
Their domains are the among the cheapest on the internet (7.15$ with free privacy settings, Godaddy would take over 20$ for the same offer), they have great support, a great API, and a simple (although ugly) website/domain registration process. GoDaddy on the other hand, has a completely bloated UI designed into tricking you into buying a lot of junk that you don't need.
Thing is, GoDaddy domains are similarly cheap if you use the widely available coupons. My last renewals were around $7. I am pretty sure no one is disputing bloat on GoDaddy UI... even Bob Parsons.
That said, Namecheap is another good registrar, which I have had occasion to use.
It seems just about any choice is better than godaddy. I have found 1and1 to be pretty decent. Private registration, decent control panel, and around $7 as well.
I've been seriously considering moving my domain from GoDaddy. For me though price isn't really an issue. In fact, because I have a .me domain it will end up being about 20 bucks a year no mater where I go.
I'm not surprised. I use godaddy for hosting domain names but their interface seems really complex. This makes me think that they have an even more complex infrastructure with possibly many holes. It's also possible that they don't have yet fixed the issue because of internal bureaucracy.
I had a friend who was hosting at a relatively small ISP who got attacked similarly. Luckily, those attackers were very clumsy and broke HTML in process (didnt close tags properly), making detection very easy.
I was researching a bit on how these attacks are done, but still not sure on details.
Someone gains root on host machine and then gets to the individual instances?
The fact that HN users use GoDaddy for hosting is... well let's just say it challenged some of my lofty assumptions about the intelligence of HN users.
If you are not following, this is the 3rd mass hack at godaddy in just a few weeks:
http://smackdown.blogsblogsblogs.com/2010/05/13/hosting-with... http://blog.sucuri.net/2010/05/found-code-used-to-inject-mal...