An interesting trend has been popping up again recently with websites becoming compromised. This new wave in the ongoing battle of website and web-server security highlights the ever-evolving methods used to draw unsuspecting people to infected sites.
As has been reported, GoDaddy, one of the premiere Internet registrars and domain hosting providers, has had a number of shared servers compromised. An .htaccess file, a distributed configuration file used in Apache servers are having entries added through exploits such as common to older Joomla and WordPress sites. These new entries redirect users away from the GoDaddy hosted site to another website often with malware that tries to install itself on to the user's computer.
What is interesting with recent hacks is that this affect appears to be primarily limited to GoDaddy shared server hosted websites as if they are being targeted. There has not yet been an official statement from GoDaddy regarding these attacks.
In today's environment it would not be surprising that GoDaddy or any large hosting company would be singled out for attacks. A brief look over the past year has seen an unprecedented number of corporations and government entities targeted for various reasons.
Even today, while doing research on this very topic I came across a redirect through a Google search result
The case with GoDaddy and the scale of compromised websites is a little disconcerting. This suggests a possibility of a server level vulnerability being used to exploit a wide range of websites regardless if the website's software, extensions, plugins, etc., are up to date. Whether that is true or not we can only wait and see.
In the mean time what can you do? If you have a website and use something like Joomla, WordPress, or a host of other applications, make sure they are up to date. Developers often release patches and upgrades to fix security vulnerabilities. Pay special attention to what extensions and/or plug-ins you install. Sure, a plug-in may have great features, but how well was it written? If you have access to your logs, and if you maintain a website you should, see what people are trying to access. You might be surprised.
There is also a great tool you can use to scan your website against common vulnerabilities over at http://sitecheck.sucuri.net/scanner.
On the user side of things keep your antivirus and spyware software up-to-date. This is not a PC only issue. An infected site could redirect you to another that looks just like your bank's website or PayPal, or your child's school, or a host of other sites where you would enter sensitive data.
Oh, calvaryweb.com is clean :)