509.949.2162 jeremy@bondbyte.com

Full disclosure, I never recommend GoDaddy to anyone, EVER!

I think they spend more on Superbowl commercials than infrastructure. Here’s a chat transcript with a GoDaddy Support Rep. I had an A Record configured and the IP kept resolving to a GoDaddy IP. In the end I was offered no explanation other than, GoDaddy hosts millions of sites and it isn’t their fault.

 

GoDaddy Rep: 

Thank you for contacting Sales & Support. My name is GoDaddy Rep I will be your product expert for today. I hope you’re doing well today. How may I help you?

20:29, Jan 11

You: My domain obfuscated.com has an A record pointing to 104.214.98.63 but its resolving to a godaddy ip of 50.63.202.43

20:29, Jan 11

You: it’s not cached, it’s been the 104 IP for a very long time. This all started last week

20:31, Jan 11

GoDaddy Rep: 

I’ll gladly assist you with DNS today. I’ll be reviewing your account as well to provide you with some recommendations that can help with resolving your issue or increase your overall savings in the long run.

20:34, Jan 11

GoDaddy Rep: 

To access your account I will need your 4 digit support PIN.
Please provide your PIN with this secure form I am sending you.

Click here to locate your 4 digit Support PIN
Once you open the link, the PIN will be located under ‘Login Info’

20:34, Jan 11

GoDaddy Rep: GoDaddy Rep has sent you a Secure Form: EN-US PIN

20:34, Jan 11

GoDaddy Rep: The following Secure Form has been submitted: EN-US PIN

20:37, Jan 11

GoDaddy Rep: 

Thank you the PIN worked. Please bear with me while I review your account.

20:40, Jan 11

GoDaddy Rep: 

Please give me more time we are digging deeper into the account.

20:43, Jan 11

GoDaddy Rep: 

The domain is under propagation.

20:43, Jan 11

GoDaddy Rep: 

It will take 24-72 hours for the record to be correct be applied on a global scale.

20:44, Jan 11

You: propagation means what?

20:44, Jan 11

You: and why is it under propagation?

20:46, Jan 11

GoDaddy Rep: 

It means the settings is being applied on a global scale from one server to another it is savings or applying the changes in the record.

20:47, Jan 11

You: I get that. Why did the record change

20:47, Jan 11

You: How does a valid A record magically start pointing to a Godaddy IP?

20:47, Jan 11

GoDaddy Rep: 

Where did you get that it is resolving on a different IP.
It is correct in our end.
https://www.whatsmydns.net/#A/OBFUSCATED.COM

20:48, Jan 11

You: From a PING

20:48, Jan 11

You: or MXToobox

20:48, Jan 11

GoDaddy Rep: 

This is a global propagation checker. From here you should be able to see the IP where the A record is resolving.

20:48, Jan 11

GoDaddy Rep: 

It is showing 
104.214.98.63

20:49, Jan 11

You: Now, perhaps. But why did it change?

20:50, Jan 11

GoDaddy Rep: 

Did you setup a forwarding previously? 

20:50, Jan 11

GoDaddy Rep: 

Or use this domain on a hosting platform.

20:50, Jan 11

You: No Sir, haven’t touched it

20:50, Jan 11

You: It points to my Azure server.

20:51, Jan 11

GoDaddy Rep: 

When did you get this? ” A record pointing to 104.214.98.63 but its resolving to a godaddy ip of 50.63.202.43 ” From our record it is always 104.214.98.63 base from system logs

20:52, Jan 11

You: Started last week, or that’s when the customer reported the problemt o me

20:52, Jan 11

You: can you get print screens?

20:52, Jan 11

GoDaddy Rep: 

Yeah send it to hisemail@godaddy.com

20:54, Jan 11

You: should have an email

20:54, Jan 11

You: sending you another one. I have several others at work, I’d have to RDP in to get them

20:55, Jan 11

You: It was literally bouncing back and fourth between 50 and 104. I have never seen anything like this in my 20 years.

20:55, Jan 11

GoDaddy Rep: 

I understand now. It is Website Security Basic IP

20:56, Jan 11

You: WTF is that?

20:56, Jan 11

GoDaddy Rep: 

It is scanning your website thus altering the IP during scan and return it back to normal

20:56, Jan 11

GoDaddy Rep: 

It is a malware scanner that you add to 
obfuscated.com

20:56, Jan 11

GoDaddy Rep: 
Website Security Basic
obfuscated.com

20:57, Jan 11

GoDaddy Rep: 

You set it up in your account. It should be located under website security in my product.

20:57, Jan 11

You: that is added to the godaddy account?

20:57, Jan 11

GoDaddy Rep: 

Yes.

20:57, Jan 11

GoDaddy Rep: 

Website Security and Backups
Website Security Basic obfuscated.com

20:58, Jan 11

You: Who would want that, a “security” feature that high jacks your A record and violates all known IP/DNS rules

21:00, Jan 11

GoDaddy Rep: 

No its doesn’t high jacks the IP it just put it on a temporary IP then returns it back no downtime will occur.

21:00, Jan 11

You: The sites been down for a week

21:01, Jan 11

GoDaddy Rep: 

The site is live even before I check the IP https://snag.gy/LwcSn.jpg

21:02, Jan 11

You: https://imgur.com/a/NTZWiG

21:03, Jan 11

You: it wasn’t 30 minutes ago and it’s been hit and miss

21:03, Jan 11

GoDaddy Rep: 

Can you please clear your browsing history from the beginning of time and then restart your browser to clear the cache. You can also try it on private browsers such as incognito mode in chrome.

21:03, Jan 11

GoDaddy Rep: 

Or go to geopeeker.com to view the site on a global scale

21:04, Jan 11

You: I know it’s working now, I wanna know how/why Website Security decided to redirect the site to a Godaddy IP

21:05, Jan 11

GoDaddy Rep: 

The system logs indicating the IP was never change however since you have website security during a scan to filter your IP for possible malware attack or infiltration the IP needs to be replaced temporarily but it should not cause downtime.

21:05, Jan 11

You: The customer found the problem, their IT staff confirmed the problem. Then escalated the issue to me.

21:06, Jan 11

GoDaddy Rep: 

Is it on a work network. Firewall network can block access to certain site.

21:06, Jan 11

You: Well, it did and now the customer is going to want a explanation as to why their site was down for nearly a week

21:06, Jan 11

You: Dude, c’mon man. I get all that. That’s why I told them to get IT involved

21:07, Jan 11

GoDaddy Rep: 

A hacker can also replace the IP however since you have a website security once it is scanned it will be fix and return to original IP.

21:07, Jan 11

You: Then, once it was determined it wasn’t a local DNS issue I took it to you guys. Then confirmed the A Record was correct and still couldn’t explain why it was resolving to a Godaddy IP and why a godaddy site was provisioned to it

21:07, Jan 11

You: A hacker can…. replace the IP?

21:08, Jan 11

You: Like log in to the godaddy account and change the IP?

21:08, Jan 11

You: the A Record

21:08, Jan 11

GoDaddy Rep: 

Yeah it can alter the DNS and then the website will down without a security it won’t be reverted.

21:08, Jan 11

GoDaddy Rep: 

They don’t need to access the main account.

21:09, Jan 11

You: Are you suggesting that someone DNS hijacked several different business networks or are you saying someone hacked Godaddy account?

21:10, Jan 11

GoDaddy Rep: 

They will just inject a malware that will proxy the IP of godaddy and change the value. Similar to how proxifier works

21:10, Jan 11

GoDaddy Rep: 

No GoDaddy account. Just your website

21:11, Jan 11

GoDaddy Rep: 

That’s why we have the product called website security to prevent this kind of thing which you have in your product.

21:11, Jan 11

You: So myself, my phone, my customer, their IT Contractor and my normal place of business all have the same malware?

21:11, Jan 11

GoDaddy Rep: 

You can think of website security like having anti-virus for you computer but for you website. It scans your website once a day for malware, viruses, suspicious code and application vulnerabilities. The SMART tool automatically removes the bad stuff before it can harm your site.

21:12, Jan 11

GoDaddy Rep: 

They are million type of malware but there function is to destroy the site or disconnect it from the server. Which happened and fix automatically since you have security.

21:12, Jan 11

GoDaddy Rep: 

Anything else I can help you with for today?

21:14, Jan 11

You: listen, if I can’t get a solid answer as to why this happened I’m moving their park to network solutions. There’s no malware on their network, and definitely none on my network. And there for damn sure isn’t any on my nix server that hosts the site.

21:16, Jan 11

GoDaddy Rep: 

I hope you understand that I am trying to explain to you that website attach has no solid answer it can be cause by a lot of different thing. If only we can show you the back logs of our server indicating that no change occur from our end believe me I will show you just to prove that your site and secure and should be working with no issue.

21:18, Jan 11

GoDaddy Rep: 

*attack

21:19, Jan 11

You: So you have no answer. Fair enough. I’ll move the park. Because honestly, when I logged in last week and it showed the A Record pointing to the Azure server I thought the same thing. Their end… Sent them to their IT Service Provider and then the issue got thrown back to me. In other words, your DNS isn’t reliable then. That’s what I hear you saying.

21:21, Jan 11

GoDaddy Rep: That’s not what I am saying we have million subscriber using GoDaddy as there DNS provider but we will totally respect your decision regarding that matter but if the same attack happen hopefully you don’t encounter it again on your new registrar because believe me website are cloak Or hidden since they enter past through the website backdoor nobody would be able to provide you a solid answer. Everything vulnerable in the web product such as website security helps fix your issue automatically and prevent it from happening again. Anything else I can help you with for today?

21:24, Jan 11

You: It’s crazy a “hacker” would be so inclined to “cloak” the only site hosted on GoDaddy with a GoDaddy IP and a Godaddy Splash. Hucksters I tell you, Hucksters. I’ll move the park

21:25, Jan 11

GoDaddy Rep: 

If that was everything, You have a Blessed day and please take care for me. A small favor here. It means the world to me if you can take the survey after this chat about how I handled the chat. Please click the Close button at top right to answer a few questions.Thank you in advance.

21:25, Jan 11

Info: Thanks for chatting!