by skilled 1215 days ago
What a disgrace of a platform. I'd understand dropping a c99 on a cPanel back in the early 2000s, but these days? What are the engineers doing at the company, collecting a paycheck and pretending to do work?

Speaks volumes for the culture being cultivated at GoDaddy.

3 comments

I agree that this is bad but I'd encourage you to rethink your comment. The "clown engineers" you are calling out maintain a level of uptime and scale that's hard for most people to imagine. You don't do that by being an idiot.

Instead of calling them names and assuming bad intent, maybe take a second to think about how much it must suck for them right now. I'm sure it's all hands on deck nights/weekends to fix. No one sets out to do a bad job in my experience.

You're right. I have removed the "clown" part, because after submitting my comment it left an itch in me, too. I think I have seen too much bad press about GoDaddy that "simple" things like this just bring out the worst in me. Thanks for pointing that out.

We all do it. I say stuff in the heat of the moment too. I appreciate your willingness to change the wording. Very "un HN like" lolol! :)

GoDaddy has the most user-hostile platform of any domain registration company I've ever encountered in the 25+ years I've been registering domains. It's utter garbage in every way.

I agree that there are a lot of dark patterns. That's probably more the product and marketing team though, wouldn't you agree?

There isn't enough info for how the compromise happened and it may not be related to cPanel at all. What I find interesting is in 2017 GoDaddy bought Sucuri which monitors and cleans up malware, not sure if they still own it - but combining Sucuri and shared hosting makes the most sense. Most of these cPanel hosts (excluding GoDaddy) are using products like CloudLinux+Imunify360 to better secure sites, clean up malware automatically. GoDaddy is already outsourcing their cPanel control panel, it would only make sense to do what others in their space are doing and automatically be adding security products to their sites. Like - a c99 shell - would never make it on an Imunify360 server, it would be immediately detected and disabled.

I feel like a lot of these older platforms are being shown to be as rickety as they actually are, as malware and hacking toolkits improve and proliferate. Bad practices are going to show through, big time, with this next cold war the US is entering.

I would not be surprised if their back end is still a bunch of old skool Perl scripts in the cgi folder that were l33t coded back in the day, but nobody now can even start to parse the Perl itself.

Switching from impossible to read Perl scripts to flavor-of-the-day language would be a use case I can actually get behind and support for replacing.

Well, cPanel is written in Perl, and certainly hard to read, but overall I would say cPanel is probably one of the more secure control panels. This hacking sounds like the systems were root compromised and unlikely to be related to cPanel. I would guess it is more likely credential compromise, perhaps phishing related on staff themselves.