- Posted by Melanie
- 26 September 2012
This is a true story, and while I am posting it because it is rather funny, the trials and problems this merchant has suffered at the hands of GoDaddy hosting are indeed sad.
This client, running Zen Cart 1.3.8, was sent an email from GoDaddy regarding her database queries. They wanted her to reduce them, as they were in their estimation causing an unfair load on the server and affecting the gazillion other websites hosted on the server. The client phoned us and explained her troubles, and we set a plan to upgrade in a short time and reduce the queries for now.
Now we knew going in that the website, given its old age (Zen Cart 1.3.8), was likely hacked with the common hacks we see in this version, such as php files in the images directory. What we didn't expect was a full class hack which was capturing and routing credit card information to an email address from the checkout confirmation page file. We have seen this hack before, just a couple of times, so we knew to look.
Long story short, we cleaned up all the hacks, lowered permissions, protected directories and patched the cart to "hold her over" until she can upgrade. Cleaning up hacks is a common task around here for the 1.3.X series and we even have a "Post cleanup" email we send them. This time we had some issues which needed to be directly handled by the host, GoDaddy.... so we forwarded them to her as well to send to GoDaddy. The rest is just way too ignorant to believe....
Please tell GoDaddy the following:
- Fully Disable Front Page Extensions
- Do a full backup of the "clean" state for potential restore
- Please deep scan and check for root kits
- Hack which breached credit cards occurred on 6/8/2012 @ 8:35pm and is attached. Access for the hack appears to have been authenticated.
- Please remove the VTI folder from the stats directory
I cleaned, replaced and lowered permissions on nearly all core files. I replaced the missing software .htaccess files which were removed using command syntax from the images directory hacks and other injected php files within the file structure in many places.
I applied all version patches and secured all ancillary folders to both prevent browsing and the execution of scripts. Quarantined files are in the public_html in a folder called /lockdown/
1. Fully Disable Front Page Extensions
Front page is not enabled as Godaddy runs on Linux Hosting.
---- Apparently the hosting control panel icon saying they are enabled and all the FrontPage extension files are imaginary. FrontPage extensions are both vulnerable and a PCI fail.
2. Do a full backup of the "clean" state for potential restore
not sure what this means? did you want me to do a backup on the database?
---- The word full must have been too vague??
Please deep scan and check for root kits
We have no idea on this I spoke with checked with upper level admins who have no idea what rootkits are?
---- Don't even know what to say here... It's just that completely inept! (http://en.wikipedia.org/wiki/Rootkit)
Please remove the VTI folder from the stats directory
Remove this in the FTP File manager but why would delete this folder as it is provided by Godaddy to enable me to do traffic stats?
---- _vti_cnf is NOT a folder to do anything with stats. It is in fact a FrontPage extensions folder. We cannot remove it because it is within their /stats/ system folder in the public root and the permissions are protecting it from removal.
Moral for the story..... GoDaddy is not proper hosting for ecommerce websites; your security, liability and business should not be in the hands of monkeys!
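The findings named in this post (php files in the images directory, missing .htaccess files, FrontPage `_vti_` folders, loose permissions) can be checked for with a short script. The following is an added example, not part of the original post or the tooling used in this cleanup; the function name, the `PROTECTED_DIRS` list and the output labels are assumptions to adjust for the site being audited.

```shell
#!/bin/sh
# Added example: read-only audit of a webroot for the findings described above.
# Usage: sh audit.sh /path/to/public_html

# Assumption: directories that should each carry an .htaccess blocking
# directory browsing and script execution. Adjust to the cart's layout.
PROTECTED_DIRS="images includes"

audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "ERROR no such directory: $root"; return 2; }

    # 1. Script files anywhere under images/ (it should hold only media).
    find "$root/images" -type f \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \) \
        2>/dev/null | sed 's/^/SCRIPT_IN_IMAGES /'

    # 2. FrontPage extension folders (_vti_cnf, _vti_bin, ...) at any depth,
    #    including host-managed folders such as stats/.
    find "$root" -type d -name '_vti_*' 2>/dev/null | sed 's/^/FRONTPAGE_DIR /'

    # 3. Protected directories that exist but have lost their .htaccess.
    for d in $PROTECTED_DIRS; do
        if [ -d "$root/$d" ] && [ ! -f "$root/$d/.htaccess" ]; then
            echo "MISSING_HTACCESS $root/$d"
        fi
    done

    # 4. Files and directories writable by every account on the shared host.
    find "$root" \( -type f -o -type d \) -perm -0002 2>/dev/null |
        sed 's/^/WORLD_WRITABLE /'
}

# Run only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Each output line starts with a label followed by the path, so the report can be diffed against the one taken right after cleanup to spot a reinfection.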
Senior Product Manager Duane Forrester from Bing recently contributed in a Webmaster World forum discussion to say the following regarding the Meta Keyword tag.
I'll make this statement: meta keywords is a signal. One of roughly a thousand we analyze. Getting it right is a nice perk for us, but won't rock your world. Abusing meta keywords can hurt you.
How MSN typical is that?
The entire search community is trying to fix the spam while Bing seeks to perpetuate it further. This is NOT 1997 anymore. Even at "one of a thousand signals" it's a ridiculous statement and signal. So in this page I can say in a proper Meta Keyword Tag that the post is about red tomatoes ( have a look for yourselves =P ) and Bing will actually consider this stupidity which is hidden from normal users? Really dumb guys!
This from the folks who took 4 years to realize that we use no WWW in our urls.... The forced redirect was literally ignored by Bing for 4 full years and whose own design staff has to use a ton of IE hacks to display their OWN damn pages. So Microsoft just handed all the motivation the spammers need to begin adding a thousand keywords stuffed in the head of their pages and cause us unsurpassed frustration trying to explain to clients that the Meta Keyword tag is NOT going to help them rank... Unbelievable!