What to Do If GoDaddy Emailed You about Shellshock Vulnerability

GoDaddy recently sent out an email with the subject line “CRITICAL: Security Issue with Your Server” warning customers about a widespread software vulnerability to those on the GoDaddy server.

“This vulnerability, now being called ‘Shellshock,’ takes advantage of a vulnerability in bash, making it possible for attackers to send and execute remote commands,” the email details.

So what do you need to do if GoDaddy sent you this email?

Are You On a Shared Hosting Server?

If you’re on a shared hosting server, GoDaddy will fix this for you. GoDaddy began patching its servers on Sept. 24, finishing in the evening on Sept. 26. GoDaddy also added security filters to protect accounts during the patching.

Are You On a Dedicated Server or Virtual Private Server?

However, if you’re on a dedicated server or a virtual private server, GoDaddy cannot patch the server for you. If you’re vulnerable, you most likely received an email from GoDaddy sometime on Friday. Keep reading.

How to Fix the Shellshock Vulnerability

GoDaddy offers instructions for you to patch the server yourself, claiming that “it’s pretty easy.” In addition to patching your server, GoDaddy’s Chief Information Security Officer, Todd Redfoot, also recommends you update your bash software (ASAP) if you’re running your own server or using Linux. Finally, he recommends staying up to date on security patches for your other devices like your phone and computer.

Despite what GoDaddy says about it being pretty simple to patch the server yourself, this is probably a little too complex for your average business owner to take care of. However, it’s important you don’t leave yourself exposed. You’ll need to find someone with technical skills to patch the server directly with code.