opinion GoDaddy Problems Continue

[BradWilson]

As a follow up to my previous post, GoCrappy aka GoDaddy continues to have problems related to their email and their employees.

The result is a significant problem to business owners when they lose access to their domains causing serious security issues including lost income and trust.

This time their employees are being attacked from outside the company instead of the company itself.

In the post GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

...tricking employees into transferring ownership and/or control over targeted domains to fraudsters.

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

This latest campaign appears to have begun on or around Nov. 13, with an attack on cryptocurrency trading platform liquid.com.

...cyptocurrency mining service NiceHash disccovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site.

But he said GoDaddy was impossible to reach at the time because it was undergoing a widespread system outage in which phone and email systems were unresponsive.

In my opinion and experience, GoDaddy hasn't learned anything over the years about dealing with employees who work with email and this problem just seems to be getting worse.

 

[wwwweb]

How about Godaddy befor making any changes call back the number on the account first, and if has been recently changed start with the old number first. This changing user info, ramdomly is common sense.

If I try to call my CC company for a random question they ask me 3 random questions before they will even talk to me.

 

[Gube]

There are many easy-to-implement (and some a bit harder, but worth it) solutions to improve their security against phishing.
As we saw it in a previous post, they show a small alert to employees on emails coming from non GD domains, but it could go even further.
At their size, they probably have an entire department taking care of the staff's equipment. They should make the connection between employees and GD workspace environment safer using a VPN if they are not already.
Force regular password change
Check login attempts with a smart logic
Authentify each action performed in that environment..

 

[TCK]

My biggest problem with GD is their constant interface changes. It seems as though they are going through a major makeover across the board. It is a huge undertaking for a registrar that is having to build on old code. At the same time having to fight off immense hack attacks. This is in no defense of GD but as a developer myself I can see the challenges.

In my experience, GD has been very fair with me. I've lost domains but mostly due to my oversight.

When a company gets very large there are various departments with C level oversight. There are so many moving parts. It would be nice to have someone that is able to speak on behalf of the company like in the past, like Steve Jobs for Apple or Bill Gates for Microsoft.

 

[BradWilson]

This is in no defense of GD but as a developer myself I can see the challenges.

I'm a developer as well but I still feel they should have learned to deal with these issues by now.

Please see my previous comment about avoiding GoDaddy.
GoDaddy is a Technical Nightmare

 

[Mytz.com]

This is a big headache

 

[TCK]

I'm a developer as well but I still feel they should have learned to deal with these issues by now.

Please see my previous comment about avoiding GoDaddy.
GoDaddy is a Technical Nightmare

Hi Brad, I quickly took a look at your comment. I would not use GD for anything except domain registration. Most of my domains are there. I like their automated email notifications for expired domains. But I could not recommend their hosting and email services. A registrar needs to focus on domains. I don't use any registrar for Web hosting, design, or email. We have dedicated hosting.

 

[BradWilson]

Hi Brad, I quickly took a look at your comment. I would not use GD for anything except domain registration. Most of my domains are there. I like their automated email notifications for expired domains. But I could not recommend their hosting and email services. A registrar needs to focus on domains. I don't use any registrar for Web hosting, design, or email. We have dedicated hosting.

I guess you missed the reason for this post.

GoDaddy email continues to be hacked and domains registered with them are being lost because they aren't following proper security procedures.

Are you really okay with that?

Btw, I believe most I not all other domain registration companies send out automated email notifications for expired domains. At least the companies I've used.

 

[TCK]

Are you really okay with that?

Nope. Thought you were referring to clients' emails hosted with them.

 

[BradWilson]

Nope. Thought you were referring to clients' emails hosted with them.

Both actually.

They're having problems with email and any security practices in general which is a real nightmare scenario for many businesses.

 

[King]

No surprise here.