
GoDaddy Breach November 2021

GoDaddy Breach - 1.2 Million WP accounts at risk!

Up to 1.2 Million WordPress Accounts At Risk in Latest Breach

GoDaddy has announced in a filing with the Securities and Exchange Commission (SEC) that up to 1.2 million managed WordPress accounts are at risk.

An unauthorized attacker managed to breach a “legacy” WordPress management tool still in use at GoDaddy.

The attacker used a compromised password on September 6, 2021 to access the tool. However, the breach wasn’t discovered by GoDaddy’s internal security team until November 17, 2021.

Over the six-week period of unauthorized access up to 1.2 million active and inactive managed WordPress customers had their email address and customer number exposed to the attackers.

Additionally, major customer credentials and secrets have been exposed:

  • Customers’ original WordPress Admin password (set at the time of account provisioning)
  • Customers’ FTP and database usernames and (plaintext) passwords
  • And, for a subset of these customers, their SSL private keys.

Immediate Consequences of the GoDaddy Breach

GoDaddy has implemented a series of changes to remediate the effects of the breach, including resetting any potentially compromised passwords.

While GoDaddy is still investigating the causes of the compromised accounts, they are also reaching out to impacted customers with advice on resetting passwords.

They’re also attempting to raise awareness of the compromise of their users’ email addresses, so that those users can be conscious of phishing scams.

It is unclear whether GoDaddy has fully accounted for all potentially exposed private keys.

Long-term Consequences of the GoDaddy Breach

The attackers were able to gain access to raw passwords for sFTP and database accounts. It therefore appears likely that, at the very least, GoDaddy was storing FTP credentials in a highly insecure manner.

This is a huge security practice failure on GoDaddy’s part.

Storing passwords in plaintext is a major no-no. It’s unclear at this point why GoDaddy didn’t remediate this relatively basic flaw with their “legacy” managed WordPress service. This service – which makes up a sizeable portion of GoDaddy’s income – was fundamentally insecure.

It’s unclear what GoDaddy means by “legacy” and whether GoDaddy intended to move these customers off this platform eventually. However, it is clear that they did not do so soon enough.

GoDaddy is also keen to point out “best practices” for securing WordPress instances in a (long) series of posts. However, GoDaddy’s own mistakes here have led to a massive customer exposure.

That does little to instill a sense of trust in GoDaddy, who will need to do some reputation management in the coming months.

What should you do?

If you’re a GoDaddy WordPress user you should immediately reset all passwords associated with your account. Note: don’t re-use passwords, ever!

Users should also look to their email for notification from GoDaddy as to the status of their SSL certificates. At the time of this writing GoDaddy was still “in the process of issuing and installing new certificates for those customers.”
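When a private key has been exposed, a replacement certificate only helps if it is issued on a new key pair. The following is an added example, not part of the original post and not GoDaddy tooling: it compares the public-key fingerprint of an old and a new certificate. The file names and the throwaway `example.test` certificates it generates are constructed for the demonstration, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# SHA-256 fingerprint of the public key (SPKI) inside a PEM certificate.
spki_fingerprint() {  # usage: spki_fingerprint CERT.pem
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{ print $NF }'
}

# Succeeds only when the replacement certificate carries a different key
# from the certificate whose private key was exposed.
key_was_rotated() {  # usage: key_was_rotated OLD_CERT.pem NEW_CERT.pem
  old=$(spki_fingerprint "$1") || return 2
  new=$(spki_fingerprint "$2") || return 2
  [ -n "$old" ] && [ -n "$new" ] && [ "$old" != "$new" ]
}

# Constructed test data: one "exposed" certificate, one reissue that wrongly
# reuses the same key, and one reissue on a freshly generated key.
make_demo_certs() {  # usage: make_demo_certs DIR
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/old.key" \
    -out "$1/old.pem" -subj "/CN=example.test" -days 1 2>/dev/null &&
  openssl req -x509 -new -key "$1/old.key" \
    -out "$1/reused.pem" -subj "/CN=example.test" -days 1 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/new.key" \
    -out "$1/rotated.pem" -subj "/CN=example.test" -days 1 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_certs "$demo_dir" && {
  if key_was_rotated "$demo_dir/old.pem" "$demo_dir/rotated.pem"; then
    echo "rotated.pem: new key pair"
  fi
  if ! key_was_rotated "$demo_dir/old.pem" "$demo_dir/reused.pem"; then
    echo "reused.pem: SAME key as the exposed certificate"
  fi
}
rm -rf "$demo_dir"
```

To check a live site, save the certificate it serves to a file and compare it against a copy of the certificate that was installed before the reset.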

And it never hurts to consider alternatives when looking for WordPress hosting. We offer a low-cost basic hosting package that’s more than suitable for hosting a small WordPress site / blog. We also offer a wide variety of larger hosting packages that would perfectly suit the needs of a higher-trafficked site.


How to Move Hosting Companies


Have you ever been fed up with your current hosting provider? Do they keep going down or have poor customer service?

Sometimes moving to a new hosting company is the answer. The big question is how to do it, especially with eCommerce sites, with minimal to no downtime.

The key is someone skilled at moving sites and DNS preparation.
How do you know if someone is skilled at moving sites? Ask them how long it takes for your site to come up on the new server during the transition. If they tell you a day or two, or even three, then they do not know how to properly prepare DNS. The answer should be an hour or less if they know how to prepare everything in advance.

Steps to moving to a new hosting provider

  • Create an account on the new hosting provider and copy your site to the new hosting provider
  • Use a development subdomain for this so you can test it. For example: dev.yourdomain.com
  • Once everything is set and working, start preparing DNS by turning the TTL (time to live) down on the DNS server settings. Put it as low as your DNS hosting will allow, however note what it is set to before you change it. We like to put it to 5 minutes.
  • After the time has passed for the old DNS TTL setting you can get started doing the actual live move!
  • Start by copying the site again to the new hosting and re-test everything. This is your ‘dry run’ to make sure the copy will work seamlessly.
  • Note any issues, fix and try the dry run again until there are no issues.
  • If you have an eCommerce or dynamic store of any kind, close the store/put it in maintenance mode.
  • Copy the site to the new hosting provider and test one last time.
  • If everything works correctly, update your DNS to point to your new IP at your new hosting provider.
  • Open up the eCommerce store on the new hosting provider and you should be good to go!
  • If everything is good, you can later update the DNS to have a longer TTL if you’d like.
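The TTL steps above can be checked rather than assumed. The following is an added example, not part of the original post: it reads `dig +noall +answer` output and confirms that the lowered TTL is live on the authoritative nameservers, that the old TTL has fully elapsed, and, after the switch, which resolvers still return the old address. The host name, the documentation-range IP addresses and the sample `dig` output are constructed.

```shell
#!/bin/sh
# Constructed sample: `dig +noall +answer +norecurse @<nameserver> www.example.com A`
# against two authoritative nameservers after lowering the TTL to 5 minutes.
AUTH_ANSWERS='www.example.com. 300 IN A 198.51.100.7
www.example.com. 300 IN A 198.51.100.7'

# Constructed sample: the same query through three recursive resolvers
# shortly after the record was pointed at the new host (203.0.113.20).
RESOLVER_ANSWERS='www.example.com. 212 IN A 203.0.113.20
www.example.com. 300 IN A 203.0.113.20
www.example.com. 41 IN A 198.51.100.7'

# Highest TTL among the A records on stdin; prints nothing if there are none.
max_ttl() {
  awk '$4 == "A" { if (!n++ || $2 + 0 > max) max = $2 + 0 }
       END { if (n) print max }'
}

# True when every authoritative answer carries a TTL at or below the target.
ttl_lowered() {  # usage: ttl_lowered TARGET_SECONDS < answers
  m=$(max_ttl)
  [ -n "$m" ] && [ "$m" -le "$1" ]
}

# True once the old TTL has elapsed since the TTL was lowered, so no
# resolver can still hold a record cached under the old, longer TTL.
old_ttl_expired() {  # usage: old_ttl_expired OLD_TTL CHANGED_EPOCH NOW_EPOCH
  [ $(( $3 - $2 )) -ge "$1" ]
}

# Print the answers that still point somewhere other than the new IP.
stale_answers() {  # usage: stale_answers NEW_IP < answers
  awk -v ip="$1" '$4 == "A" && $5 != ip'
}

if printf '%s\n' "$AUTH_ANSWERS" | ttl_lowered 300; then
  echo "authoritative TTL is at or below 300 seconds"
fi
echo "resolvers still serving the old address:"
printf '%s\n' "$RESOLVER_ANSWERS" | stale_answers 203.0.113.20
```

Query the authoritative servers for the TTL check: a recursive resolver reports the time remaining on its cached copy, so a low number there can be an old record about to expire rather than the new setting.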

Summary

With this proper preparation, the only down time should be copying the site that one final time to the new hosting provider and then the minimal time for DNS to propagate! So it should be about 5-10 minutes depending on the speed of the copy of the site!

Keep in mind, sometimes bigger is not better when it comes to a hosting company. It really is the service that matters and level of support they provide. If you have an eCommerce store and aren’t happy with your service, contact us today to see if we would be a good fit for you!

BCSE recognized by X-Cart for Hosting Services


BCSE Hosting Services Recognized

Did you know that BCSE offers hosting services?  We recognized the need for quality hosting for our customers years ago and have been offering this reliable and affordable service ever since that time!  Recently, X-Cart listed us as an expert for hosting services on X-Cart marketplace and we’re pretty excited to be listed.  We’ve known for a long time that our hosting services are terrific, but it’s always nice to be recognized in the industry!

You can find detailed information on our hosting page or contact us with any questions that you may have.