Godaddy is injecting code into websites

This is apparently the original source:

Godaddy is apparently injecting metrics gathering JavaScript into websites that are run on their shared hosting service.

Apparently, you can opt out, but this is some serious egg on their face. Injecting tracking code into websites that are not yours is not something you do silently, unless you have malicious intent.

This is pretty fucked up, if you ask me.


So they have no issues with monitoring your web site, they have no issues with breaking your web site… so when they say they are going to monitor your website to make it faster does that mean they’ll break it faster?

1 Like

It worries me, they are a giant website host, but what about the others? Namecheap? Bluehost… etc?

1 Like

I just asked someone that uses godaddy, he said they added it to his sites. He has something like 5+ sites on his account.


Yeah, the guy who told me about this said he’s just gonna run his own nginx server instead of continuing to use godaddy.

So basically, they think they’re geocities.

Except you pay for it.


I only recently discovered that GoDaddy also own WebFaction, and have done for about a year now. I was pretty sad to close my WebFaction account.

Good thing Java is completely secure.

1 Like

Is anything? :thinking: Not sure where this came from, though.

Didn’t GoDaddy do this a few years ago to block compatibility with Amazon? I remember reading something about that.

1 Like

It was a sarcastic joke. :roll_eyes:

I couldn’t tell you. :confused:

That sounds like something they may have done though.

I got that, but it seems random to trash Java out of the blue. Hence my :thinking:

Might be misremebering. But yeah, pretty bizarre thing to do on their end. There are better reporting services lol.

I’m not trashing it out of the blue, this thread is about GoDaddy interjecting JavaScript into sites.

Java is not Javascript.


But you said Java…

JavaScript isn’t inherently insecure, but there are a lot more beginner/n00b devs than there are advanced.

Which has nothing to do with the security of JavaScript, and especially not Java.

1 Like

Good thing JavaScript is completely secure. Better? Happy?

Dude, chill, I was obviously confused. So were you, apparently, it’s fine.

JavaScript is as secure as the development team makes it.

Anyway, I’m out.

1 Like

Every language is insecure in its own way. It’s (usually) not the language (adobe flash), but how they use it which determines how secure it is.

You can have immutable and type-safe data structs in JS (Typescript) just as well as you can have mutable structs and type-inferencing variables.

For example, Wordpress uses PHP and without proper hardening, those sites are ripe for auto-exploiting. Is PHP insecure by default? No, but its how it was implemented.

Before people wrote shitty php code, they wrote shitty perl code. So in the early days, you had a bunch of perl daemons running the web. Now, people write shitty js, and in the future, they might continue to do that or find something else.