posted by Fnord666 on Monday January 14 2019, @03:39PM   Printer-friendly
from the friends-don't-let-friends-use-godaddy dept.

GoDaddy has been caught sneakily injecting JavaScript into the websites it hosts.

I recently started having issues with the admin interface of a website I run and decided to check the browser console to see if any errors were being displayed there. There were, and among them was an error stating that a JavaScript map file that I did not recognise was being loaded (and failing). This meant that the actual JavaScript file itself was already loaded via my website. This set off all sorts of alarms for me and I started to dig in further.

I checked the file system for any suspicious files; there were none. I checked the source code and templates for evidence of anything that had been added; there was nothing there. Yet all my pages were being served with the following script injected into them just before the closing html tag...

[...] Of course that comment in the script was a giveaway of what was going on but I didn't immediately want to believe that the website host itself would be injecting a JavaScript script into my website without my consent! Turned out that's exactly what GoDaddy was doing and they justified it as collecting metrics to improve performance.

The technology that's in use here is called Real User Metrics and GoDaddy has a page about it here - "Why am I signed up for Real User Metrics?". If you happen to be a customer in the US (which I am not but the website is hosted in a US data centre) then you are automatically opted into this service and all your website's pages will have this JavaScript injected into them.
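
An added example, not part of the original post or the submitter's code: one way to check for the host-side injection described above is to compare the script elements in a page as rendered from your own templates with those in the same page as a browser receives it. Both HTML samples and the metrics.example.invalid URL are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

# Constructed sample: the page as rendered from the site's own templates.
ORIGIN_HTML = """<html><head><script src="/static/app.js"></script></head>
<body><h1>Admin</h1><script>initAdmin();</script></body>
</html>"""

# Constructed sample: the same page as served, with one extra inline script
# just before the closing html tag (the URL is a placeholder).
SERVED_HTML = """<html><head><script src="/static/app.js"></script></head>
<body><h1>Admin</h1><script>initAdmin();</script></body>
<script>/* constructed stand-in for a host-added metrics loader */
var s = document.createElement("script");
s.src = "https://metrics.example.invalid/rum.js";
document.head.appendChild(s);</script>
</html>"""


class ScriptCollector(HTMLParser):
    """Record each <script> element as its src plus a hash of its inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._src = None
        self._buf = None  # list of text chunks while inside a <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
            self.scripts.append({"src": self._src, "sha256": digest,
                                 "preview": body[:70]})
            self._buf = None


def collect_scripts(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts


def injected_scripts(origin_html, served_html):
    """Return scripts present in the served page but not in the origin page."""
    known = {(s["src"], s["sha256"]) for s in collect_scripts(origin_html)}
    return [s for s in collect_scripts(served_html)
            if (s["src"], s["sha256"]) not in known]


if __name__ == "__main__":
    for s in injected_scripts(ORIGIN_HTML, SERVED_HTML):
        print("unexpected script:", s["src"] or "(inline)", s["sha256"][:16])
```

In practice the origin copy would come from rendering the template locally or in CI, and the served copy from a fetch through the public hostname.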


  • (Score: 2) by BsAtHome on Monday January 14 2019, @03:58PM (6 children)

    by BsAtHome (889) on Monday January 14 2019, @03:58PM (#786463)

    They are altering copyrighted content. Therefore, they are liable for copyright infringement.

    That is, unless their T&Cs allow them to do whatever they like... If so, you should find another host.

    • (Score: 1, Informative) by Anonymous Coward on Monday January 14 2019, @04:31PM (3 children)

      by Anonymous Coward on Monday January 14 2019, @04:31PM (#786473)

      Sigh. Why do Internet experts spout nonsense about stuff they know nothing about?

      • (Score: 5, Touché) by BsAtHome on Monday January 14 2019, @05:01PM (2 children)

        by BsAtHome (889) on Monday January 14 2019, @05:01PM (#786485)

        Why does this AC only spout complaints and doesn't write a constructive comment?

        • (Score: 0) by Anonymous Coward on Monday January 14 2019, @05:56PM (1 child)

          by Anonymous Coward on Monday January 14 2019, @05:56PM (#786520)

          Maybe because that AC realizes that some people are so wrong it would take too long to teach them enough to make them semi-right.

          • (Score: 3, Touché) by Gaaark on Monday January 14 2019, @10:45PM

            by Gaaark (41) on Monday January 14 2019, @10:45PM (#786672) Journal

            Or that AC is an ass who can't say anything positive because he's a stupid fuck who doesn't know enough to teach a slug?

            --
            --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 3, Insightful) by Anonymous Coward on Monday January 14 2019, @05:23PM (1 child)

      by Anonymous Coward on Monday January 14 2019, @05:23PM (#786501)

      it's malware and should be indictable, unless it's in the TOS. also, anyone using godaddy deserves this shit.

      • (Score: 2) by Gaaark on Monday January 14 2019, @10:45PM

        by Gaaark (41) on Monday January 14 2019, @10:45PM (#786673) Journal

        Yuuuuuuuup!

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 3, Interesting) by Thexalon on Monday January 14 2019, @04:02PM (5 children)

    by Thexalon (636) on Monday January 14 2019, @04:02PM (#786465)

    One of my clients has a GoDaddy-hosted site (not my decision, but inertia is what it is), so I checked for signs of this and came up empty. Of course, it's entirely possible that they eliminated it because word got out.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 0, Insightful) by Anonymous Coward on Monday January 14 2019, @05:20PM (4 children)

      by Anonymous Coward on Monday January 14 2019, @05:20PM (#786499)

      if you had any balls you wouldn't accept clients that won't move their stuff to your servers.

      • (Score: 0) by Anonymous Coward on Monday January 14 2019, @05:59PM

        by Anonymous Coward on Monday January 14 2019, @05:59PM (#786522)

        I charge more if I don't host the site because it takes more to get their site up and running without the custom code I run on my servers. But, if the checks clear it doesn't matter where their site is hosted.

      • (Score: 2, Insightful) by DannyB on Monday January 14 2019, @06:54PM (2 children)

        by DannyB (5839) Subscriber Badge on Monday January 14 2019, @06:54PM (#786561) Journal

        > if you had any balls you wouldn't accept clients that won't move their stuff to your servers.

        So you are discriminating against women in tech?

        Or an alternate interpretation would be something about sports being somehow related to ensuring clients use your servers.

        --
        When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
        • (Score: 2) by Gaaark on Monday January 14 2019, @10:47PM

          by Gaaark (41) on Monday January 14 2019, @10:47PM (#786675) Journal

          No, they just don't have any balls themselves, so are jealous.

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 2, Insightful) by Anonymous Coward on Tuesday January 15 2019, @03:59PM

          by Anonymous Coward on Tuesday January 15 2019, @03:59PM (#786940)

          Q: Why do women rub their eyes when they wake up?
          A: Because they don't have balls to scratch.

          Yes, I suppose that it is discriminatory to notice that women have no balls. It's probably even more discriminatory that I only sleep with women who have no balls. But, that is life.

  • (Score: 2, Interesting) by barrahome on Monday January 14 2019, @04:16PM (2 children)

    by barrahome (3580) on Monday January 14 2019, @04:16PM (#786469) Journal

    I did report and tweet about this in 2018: https://twitter.com/bet0x/status/1073331136204599297 [twitter.com] Maybe the issue was that I used Spanish?

    • (Score: 0) by Anonymous Coward on Monday January 14 2019, @04:26PM (1 child)

      by Anonymous Coward on Monday January 14 2019, @04:26PM (#786472)

      Yes.

      • (Score: 3, Funny) by Anonymous Coward on Monday January 14 2019, @06:01PM

        by Anonymous Coward on Monday January 14 2019, @06:01PM (#786523)

        Yes Sí.

        FTFY

  • (Score: 4, Funny) by Anonymous Coward on Monday January 14 2019, @04:20PM

    by Anonymous Coward on Monday January 14 2019, @04:20PM (#786470)

    Why would anyone buy Huawei and be shafted by the Chinese, when they can be shafted by genuine American scumbags?

  • (Score: 5, Interesting) by zemm on Monday January 14 2019, @04:38PM (5 children)

    by zemm (7178) on Monday January 14 2019, @04:38PM (#786476)

    They may be alright for domain names, but as a web host, I would strongly advise anyone against using them.

    Their tech support is worthless and unhelpful. One example: They changed backend settings on one of the sites hosted by my workplace which entirely broke the website hosted there. (Shared hosting). Tech support denied they changed it (even though I sent them links demonstrating that it had been changed) and refused to help. ("It's a coding issue" but it worked fine a few hours ago ...) I asked to speak to a manager or escalate to someone more knowledgeable and they refused! I had to spend time creating a work-around just so that the website wouldn't be down.

    • (Score: 5, Interesting) by richtopia on Monday January 14 2019, @05:33PM (3 children)

      by richtopia (3160) on Monday January 14 2019, @05:33PM (#786507) Homepage Journal

      I used them for my domain because they are the largest. However, two months ago when my 5 year purchase finished I migrated to gandi.net. Godaddy charges for services that should be free, such as data privacy features (hiding your email and physical address) and email features (1 free inbox, but IMAP is extra).

      Based on my limited research, gandi.net is probably the most responsible domain name registrar. I've been happy with them since migration. The only problem is if you want a one-stop solution: they offer hosting services but it is not as turn key as other providers and the servers are based in Europe (good or bad depending on your use case).

      • (Score: 4, Interesting) by bzipitidoo on Monday January 14 2019, @06:33PM (1 child)

        by bzipitidoo (4388) on Monday January 14 2019, @06:33PM (#786539) Journal

        > I used them for my domain because they are the largest

        "Largest" is often a good reason not to use a business. For one thing, that attitude is a competition killer. Large banks (Bank of America, Chase, Wells Fargo, and Citi) have poor service. There is really nothing they can do for you that a smaller bank or credit union can't do, and do better. Except one thing-- have a branch nearby no matter where you go. Lot of people are still really hung up on bricks and mortar.

        Amazon still seems okay, but I've heard they abuse their dominance to pressure 3rd party businesses who hawk wares on their site into making "concessions" that sure sound like kickbacks to me. I've noticed NewEgg seems to be trying to become an alternative to Amazon. Then there's WalMart, which is still plenty dominant though it seems Amazon has been cutting into their revenue. There's plenty of hate and suspicion of EBay and Paypal. Microsoft and Apple are still luring people into their walled gardens. They're not as big, bad, and ugly as they once were, but IBM and Ma Bell are still alive and mean.

        Yeah, I've heard bad stuff about GoDaddy before. And I've seen their extremely sexist commercials. They are scum, and I stay away from them and when I can, steer others away.

        • (Score: 2) by Runaway1956 on Tuesday January 15 2019, @04:03PM

          by Runaway1956 (2926) Subscriber Badge on Tuesday January 15 2019, @04:03PM (#786942) Journal

          Amazon abuses their dominance to force employees to clock out before taking the six mile hike to the men's, women's, or unsure's restrooms.

      • (Score: 2, Informative) by Anonymous Coward on Tuesday January 15 2019, @12:10AM

        by Anonymous Coward on Tuesday January 15 2019, @12:10AM (#786720)

        I used Gandi.net for a client and it caused me more than a fair bit of grief, including downtime due to their infrastructure problems (more than a couple hours)--I'll spare the rest of the laundry list because it's mild in comparison. I'd strongly urge people to avoid them, based off my limited experience.

    • (Score: 2) by Kilo110 on Monday January 14 2019, @06:19PM

      by Kilo110 (2853) Subscriber Badge on Monday January 14 2019, @06:19PM (#786531)

      I refuse to use godaddy for anything. And I tell everyone that's looking to get a host or domain to avoid them too.

  • (Score: 5, Interesting) by Anonymous Coward on Monday January 14 2019, @04:45PM (8 children)

    by Anonymous Coward on Monday January 14 2019, @04:45PM (#786478)

    How do I know this ?

    I work at GoDaddy.

    I am planning my departure which is imminent ( as in weeks rather than months ).

    • (Score: -1, Troll) by Anonymous Coward on Monday January 14 2019, @06:04PM

      by Anonymous Coward on Monday January 14 2019, @06:04PM (#786524)

      Hmm ... maybe you are the problem and things will improve once you leave? Please let us know when you depart so we can check GD support to see if it gets better.

    • (Score: -1, Flamebait) by Anonymous Coward on Monday January 14 2019, @07:36PM (4 children)

      by Anonymous Coward on Monday January 14 2019, @07:36PM (#786586)

      I hope you get sued for backstabbing your beneficent employer. With disloyal scum like you, it's no wonder everybody's looking to outsource.

      • (Score: 0) by Anonymous Coward on Monday January 14 2019, @08:00PM (1 child)

        by Anonymous Coward on Monday January 14 2019, @08:00PM (#786597)

        Because outsourced employees are so much more loyal...

        • (Score: 0) by Anonymous Coward on Monday January 14 2019, @08:15PM

          by Anonymous Coward on Monday January 14 2019, @08:15PM (#786602)

          GGP is neither loyal nor cheap. Pajeet is cheap.

      • (Score: -1, Flamebait) by Anonymous Coward on Monday January 14 2019, @08:41PM (1 child)

        by Anonymous Coward on Monday January 14 2019, @08:41PM (#786625)

        You are one of those morons, who think loyalty over everything. It ain't. Fuck you, you little bitch.

        • (Score: 0) by Anonymous Coward on Tuesday January 15 2019, @02:58AM

          by Anonymous Coward on Tuesday January 15 2019, @02:58AM (#786760)

          To me, TRUST is damn near everything.

          If I can't trust it, what good is it?

          Unfortunately, many companies will sell off their trusted reputation, which took many years to establish, for a quick executive level handshake.

    • (Score: 2) by Azuma Hazuki on Tuesday January 15 2019, @06:03AM (1 child)

      by Azuma Hazuki (5086) on Tuesday January 15 2019, @06:03AM (#786810) Journal

      Please be posting this from a not-at-work machine, preferably behind a proxy. I'd hate for the company to pick up on who this is and blackball you. They're the kind of scum who'd do that, based on my past experience with them (no, never as an employee, thank Madokami).

      --
      I am "that girl" your mother warned you about...
      • (Score: 2) by Runaway1956 on Tuesday January 15 2019, @03:08PM

        by Runaway1956 (2926) Subscriber Badge on Tuesday January 15 2019, @03:08PM (#786913) Journal

        He's just a troll. He's never even met a godaddy employee. He'd have to leave his mama's basement to do so. You would be better off studying Martin Luther King Jr's "I have a dream" speech.

  • (Score: 2) by SomeGuy on Monday January 14 2019, @05:17PM (1 child)

    by SomeGuy (5632) on Monday January 14 2019, @05:17PM (#786493)

    Metrics are like crack for corporations.

    They will go to any and all lengths to collect "metrics" at your expense. They will violate your privacy, they will break your applications, they will lie, they will steal, they will break in to your house at night and ass rape you and your dog to bloody pulp. All justified as collecting metrics to improve performance.

    • (Score: 3, Funny) by bob_super on Monday January 14 2019, @06:46PM

      by bob_super (1357) on Monday January 14 2019, @06:46PM (#786553)

      Not quite, because crack visibly degrades the host ... oh wait.
      Not quite, because crack turns the host into a security risk ... oh wait.
      There, got it:
      Not quite, because the Street doesn't give you a higher value because of the massive use of crack.
      Metrics are more like coke, really.

  • (Score: 5, Insightful) by SomeGuy on Monday January 14 2019, @05:28PM (4 children)

    by SomeGuy (5632) on Monday January 14 2019, @05:28PM (#786505)

    Ha, ha, ha, ha. Oh, yea, whenever the topic of HTTPS encryption comes up, one of the top reasons for using it is to prevent injection of malicious content.

    Doesn't do a damn bit of good when your host sells you out now, doesn't it?

    • (Score: 4, Interesting) by DannyB on Monday January 14 2019, @07:00PM (3 children)

      by DannyB (5839) Subscriber Badge on Monday January 14 2019, @07:00PM (#786566) Journal

      What if your host lets you run your own Linux image in a private VM? (Digital Ocean, Linode, etc)

      The Linux image and server you are running is all your own setup. Assuming the SSL is implemented within your server software, the only way it seems that the hosting company could interfere would be to hack your VM system.

      --
      When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
      • (Score: 2) by Pino P on Monday January 14 2019, @07:22PM (2 children)

        by Pino P (4721) on Monday January 14 2019, @07:22PM (#786577) Journal

        > What if your host lets you run your own Linux image in a private VM? (Digital Ocean, Linode, etc)

        Last I checked, hosting companies charged more per year for a virtual private server such as what you describe than for shared hosting where a reverse proxy running NGINX does all the HTTPS termination. Has there been a recent review of the best VPS providers under $120 per year?

        • (Score: 2) by DannyB on Monday January 14 2019, @09:13PM

          by DannyB (5839) Subscriber Badge on Monday January 14 2019, @09:13PM (#786636) Journal

          It depends on how big of a VPS you need. They start at $5 / mo and go up from there. The smallest could probably handle a static web site with some amount of traffic. Dynamic sites, or especially full blown applications obviously require more resources. A big database application can require multiple servers for heavy traffic.

          But it is a question to ask. The less you share with other tenants the more control you have, such as operating your own SSL termination.

          --
          When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
        • (Score: 1, Interesting) by Anonymous Coward on Monday January 14 2019, @09:16PM

          by Anonymous Coward on Monday January 14 2019, @09:16PM (#786637)

          Sounds like a good Ask Soylent question?

  • (Score: 2) by Gaaark on Monday January 14 2019, @10:56PM (2 children)

    by Gaaark (41) on Monday January 14 2019, @10:56PM (#786684) Journal

    We need a SoylentNews group: go together and pressure, say, Linode to give us a good price on web hosting!

    A new TMB project? :)

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 4, Funny) by martyb on Tuesday January 15 2019, @02:09AM (1 child)

      by martyb (76) Subscriber Badge on Tuesday January 15 2019, @02:09AM (#786743) Journal

      > We need a SoylentNews group: go together and pressure, say, Linode to give us a good price on web hosting!

      I appreciate your enthusiasm!

      As you are probably already aware, Linode offers a variety of hosting plans [linode.com]. Their "Linode 192GB" and "Linode 300GB" plans each charge $960 for one server for one month. That price approximately covers our hosting costs for our nine servers for 4 months. If they wanted, they could probably host all our Linodes on a single physical 1U server. To put THAT in perspective, Linode runs 8 different data centers located in multiple countries around the world.

      What you propose is akin to gnats making demands upon a herd of elephants and is likely to garner about the same amount of attention.

      Sad to say, our negotiating power would be less "Let's Make a Deal" (your comment subject) with Monty Hall and more like negotiating with Monty Python's Flying Circus. ;)

      --
      Wit is intellect, dancing.
      • (Score: 2) by Gaaark on Tuesday January 15 2019, @12:19PM

        by Gaaark (41) on Tuesday January 15 2019, @12:19PM (#786867) Journal

        So you're saying "It's one dead parrot!"
        :)

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 0) by Anonymous Coward on Tuesday January 15 2019, @01:02AM

    by Anonymous Coward on Tuesday January 15 2019, @01:02AM (#786730)

    We've been using nearlyfreespeech.net and gandi.net for years with 0 issues. I highly recommend both.

  • (Score: 1, Informative) by Anonymous Coward on Tuesday January 15 2019, @01:28AM

    by Anonymous Coward on Tuesday January 15 2019, @01:28AM (#786735)

    I registered two personal domains with APlus.net in 2000. The websites & email have worked great the whole time. The few times that I had a problem, it was quickly fixed via their live chat.
