by avsteele 1215 days ago
This might solve a big mystery for me.

When I first set up my company's website it was hosted at GoDaddy. Totally static site. It got 'hacked' one day, with new PHP files and redirecting users to some nonsense. This was August 2016. The FTP server had a very long, random password. I changed it again after this.

It happened *again* March 2017, though different files were added. After this I moved my site to Digital Ocean.

I never found out how this happened.

Does anyone know how long this has been going on? The article didn't give a definitive start date.

3 comments

One of my relatives had a similar thing happen a few years ago, though not at GoDaddy.

In this particular case, they had "shared hosting" and it turned out the permissions on their particular directory were somehow left writeable by "other". In the *nix filesystem sense.

E.g. any other customer/user/etc on the server was able to overwrite the files. Which someone had done at some point.

Was easy to fix at the time (e.g. fix the permissions), but I have no idea if it occurred again over time.
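
The "writeable by other" condition described in the comment above can be checked for directly. The following is an added example, not part of the thread: it walks a web root, reports every file or directory with the other-write bit set, and clears only that bit. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


def find_world_writable(root):
    """Return sorted (relative_path, kind) pairs that 'other' may write to."""
    findings = []
    def check(path):
        st = os.lstat(path)  # lstat: never follow a symlink out of the web root
        if stat.S_ISLNK(st.st_mode):
            return  # on Linux a symlink's own mode bits are not enforced
        if st.st_mode & stat.S_IWOTH:
            kind = "dir" if stat.S_ISDIR(st.st_mode) else "file"
            findings.append((os.path.relpath(path, root), kind))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def clear_other_write(root):
    """Drop only the other-write bit on each finding; return how many changed."""
    findings = find_world_writable(root)
    for rel, _kind in findings:
        path = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IWOTH)
    return len(findings)


def build_sample_tree():
    """Constructed sample: a static site with one directory left wide open."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.mkdir(os.path.join(root, "assets"))
    for rel, mode in (("index.html", 0o644), ("assets/site.css", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)  # explicit chmod so the umask cannot mask the bits
    os.chmod(os.path.join(root, "assets"), 0o777)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    print(find_world_writable(sample), clear_other_write(sample))
```

A world-writable directory matters as much as a world-writable file here, because write access to the directory is what lets another account on the host create new files in it.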

There seem to be three incidents and all after 2020.

But FTP - unless GoDaddy enforced TLS connections on that, which back in 2016 probably not because it would have been a support burden - this could easily have been password sniffed.

You can have the longest password in the universe and change it after every login, if you have a keylogger on your computer it doesn't matter.
Or someone sniffing your network. FTP isn't encrypted.