Godaddy Injecting JavaScript That May Break Customer Sites

Godaddy Injecting JavaScript That May Break Customer Sites

Written by Ionut Ilascu / Courtesy of Hongkiat

Domain registrar GoDaddy is injecting JavaScript into US customer websites that could impact the overall performance of the website or even render it inoperable.

A web administrator troubleshooting issues with the admin interface of a website found an error triggered by a JavaScript file failing to load. The code was already loaded by the website, although it was not familiar to the admin.

Looking at the comment in the JavaScript snipped, he realized that it came from the hosting service GoDaddy.

“Of course that comment in the script was a give away of what was going on but I didn’t immediately want to believe that the website host itself would be injecting a JavaScript script into my website without my consent! Turned out that’s exactly what GoDaddy was doing and they justified it as collecting metrics to improve performance,” Igor Kromin writes in a blog post yesterday.

The code is part of the Real User Metrics (RUM) feature that monitors websites for internal bottlenecks. It collects data on connection time and page load time.

Feature is opt-out

The script collecting these performance points is automatically added to the websites of US customers that are using cPanel Shared Hosting or cPanel Business Hosting.

In a twist of irony, this code snippet “may cause issues including slower site performance, or a broken/inoperable website,” GoDaddy admits on the RUM support page.

Admins that want to disable it are free to have a go from the cPanel hosting account. Both Kromin nd GoDaddy describe how to do this: turn off the Help Us feature available next to the cPanel Admin button.

Choosing to opt-out removes the JavaScript immediately from the website and performance detail will no longer be shared with GoDaddy.

Others saw this, did not like it either

Kromin is not the first to report the RUM script. Two months ago, users complained on Reddit about GoDaddy choosing to force RUM without on websites.

“Opt-in is one thing but this shouldn’t be legal. This bad business practice. Avoid any service provider who does this and being opt-out,” one user commented.

The ‘opt-in/opt out’ practice is far from being a new trick. It was observed back in the days when free software developers decided to make a buck by pushing various products when users installed the freebie.

This way, an inattentive user would end up adding on their system software they did not need while the developer of the free product got paid. 

This way, browser toolbars and shady applications engaging in unwanted activities that a user would never install willingly, would find their way on thousands of computers.

Users were not on board with the ‘opt-in’ practice then and neither are today. Vendors trying to get statistics that would help them improve their services should be transparent about this and allow users 

Read the original article over at Hongkiat.com.