500 Internal Server Error

Got a personal website hosted on Godaddy that all of a sudden started giving me 500 Internal Server Error:

I have the domain and hosting at Godaddy – Economy Linux hosting. I use WordPress as the front end. Not the WordPress setup they offer, but I uploaded my own WordPress files, setup a MySQL db, and configured everything manually. I use the site to host family pictures and videos. I haven’t made any changes in a month however all of a sudden I’m getting 500 Internal Server Errors.

During the course of my investigation, I found out it was due to my .htaccess file. The site worked without it, but why? It worked fine before!

Turns out it was the following line in the file:

# disable directory browsing
Options All -Indexes

I commented it out, and everything worked fine. Not sure if it’s a Godaddy issue or an Apache issue. Probably the former.

But I would think it would be prudent to disable directory browsing. However, what’s weird is that I have similar setups with Godaddy, including the Options All -Indexes, and have no issues…yet.

Exodus From China

With Google exiting China over it’s censorship issues, Godaddy no longer selling .cn domains names over censorship, Dell possibly thinking about “safer environments” for manufacturing, and Congress lighting a fire under Microsoft, could this be the start of a grand exodus out of China?

Stolen Domain: MakeUseOf.com

I use Godaddy.com for alot of my domains, both for domain registration and hosting, so this story doesn’t give me the warm & fuzzy feeling I’d like from a domain registration company. But nevertheless, it reminds us that we should change our passwords regularly and make sure that they are strong.  And it also reminds us that, no matter how secure the technology is, hackers can get by via some social engineering, by basically calling up some gullible or careless tech support person, pretend that they’re you, and get tech support to divulge personal information about you without doing a little background check.

Updates to this story can be found here.

We can now confirm that the attacker in fact got the access details through Gmail and set up a forward filter to send incoming emails from GoDaddy to another Gmail account. Now the account had a strong approximate 15 character long password. How the hell did he manage to get in? Is it another Gmail Security Flaw? … Aibek]

Now it turns out that in order to transfer the domain, Ferank (or someone helping him) called up GoDaddy and impersonated Aibek. At that point he had already access to our account (or at least had enough information to recover the username/pass for the account) and basically said “hi, I’m the owner of MakeUseOf.com, please transfer the domain”. GoDaddy then complied.

Good luck to the makeuseof.com folks!