Earlier this week we revisited a security issue with a web host that had yet to be resolved nearly two years after we first brought it up, but things can be worse than that.
Back in January of 2014 we pointed out that GoDaddy was still using a version of the database administration tool phpMyAdmin for which support ended in July of 2011. While dealing with an issue on a website hosted with them we noticed that they still are running that version, 2.11.11.3. It is incredible that such a big company would be running outdated and unsupported for over five and half years. You have to wonder what less visible security issues also exist in their systems.
While GoDaddy has a number of different types of accounts, according to their listing of what software is running on them all of the account types that include phpMyAdmin provide outdated versions of it. The newest version they are providing with an account type is 4.0.10.14, which is over a year out of date. They also are using 4.0.8, which is over three years out of date. Finally they are using 3.5.8.2, for which supports ended over three years ago.
When looking at this situation we can’t help but think of the GoDaddy’s partnership of with the security company SiteLock. If we were not already aware of what SiteLock actual does, it would seem very odd that they would not have required GoDaddy to deal with this issue long or ended their partnership, as it would highly irresponsible, at the very least, to be involved with a company that you know is leaving their customers insecure in this way.