I've been getting a ton of people signing up for my GoDaddy hosted WordPress blog the last couple of days. All the email addresses were things like [email protected].
Usually I get 2 or 3 signups a month. The last 2 days I've gotten 10 to 15 a day.
I've kept my WordPress install up to date though and I don't appear to be compromised. I wonder if that was part of the attack.
This was probably not part of the attack. The attack simply redirects incoming requests to another site. If your site was affected, you wouldn't have had any sign ups because your site would have been redirecting to the bogus site before it even reaches your page.
Someone commented on the posted article that the compromise seems to be from Godaddy itself. What I'm thinking is someone used a vulnerable 3rd party script hosted on a shared server, then somehow got root or escalated privileges and compromised all or most of the sites hosted on the shared server. If the issue was Godaddy itself being hacked, I would assume it would affect all servers, not just the shared one(s).
If somebody managed to compromise other customer's accounts via one shared hosting account, even if it is limited to a single server, then I would consider this as Godaddy being hacked.
I don't think so, they use their own system branded the "hosting connection." It could just be fantastico with their own skin thrown on, I suppose, but it looks like their own thing to me.
Usually I get 2 or 3 signups a month. The last 2 days I've gotten 10 to 15 a day.
I've kept my WordPress install up to date though and I don't appear to be compromised. I wonder if that was part of the attack.