GoDaddy removes JavaScript injection that tracks the performance of the website, but can also break it

Apache OFBiz

By default, RUM was opt-in, but GoDaddy promised to turn the feature off-at least for now.

GoDaddy injects JavaScript into customer websites for tracking purposes that can slow down or completely break down websites.

According to programmer Igor Kromin, problems with the admin interface of his own website hosted by the popular web hosting service led him to examine the code in order to detect problems.

Government shutdown: TLS certificates not renewed, many websites down Malware found preinstalled on some Alcatel smartphones

What happens when cops also get malware hit?

Google search results listings can be manipulated for propaganda Kromin uncovered the failed loading effort of a JavaScript file, which implied that an unknown JavaScript file was loaded on his website. Ironically, the problem was originally a Safari bug rather than anything to do with GoDaddy.) While there was little evidence in the source code or templates of this file, all JavaScript pages of his website were served.

The file in question is from GoDaddy’s Real User Metrics (RUM) system, which the company describes as a means of ” identifying internal bottlenecks and optimization opportunities by inserting a small snippet of javascript code into customer websites.” Get to know about godaddy malware removal here.

“The JavaScript code snippet enables us to measure and track your website’s performance and collects information such as connection time and paging.” We’re not collecting any RUM user information. The data we collect enables us to improve our systems, optimize DNS resolution, and improve network routing and server settings.

“Customers in the United States and those using cPanel Shared Hosting or cPanel Business have automatically opted in. Collecting metrics and performance data is a common practice for many, and some webmasters will use their own collection systems in backend systems to make their website more visible.

However, GoDaddy publicly admitted that the JavaScript code could affect the performance of the website and that users should be aware of what could cause slowdowns or pure breaks.

“The JavaScript used may cause issues including slower site performance, or a broken / inoperable website,” says GoDaddy. The system at hand is based on the W3C navigation timing and while not a security issue, a default opt-in was not necessarily fair or reasonable if website breakage is a possibility.

Most customers are not expected to be affected by RUM, but Google’s AMP (Accelerated Mobile Pages Project) websites or pages that end with multiple end tags may be more susceptible to breaks or slow performance problems. Kromin said: “I’m not opposed to web host providers monitoring how their servers run.

The use of technology such as RUM is a great way to do this, but it is meant to be a passive technology that the end user cannot see. Injecting JavaScript into the pages that are served is far from passive and, at least in my eyes, is a breach of trust between the web host and the customer.

“As noted by TechRepublic, GoDaddy ‘s sister site, customers were able to opt out of tracking. To do this, you have to go to by clicking on the “… “button, ” Help Us, ” and ” Opt Out. ” Once this is done, the script is automatically removed from the webmaster’s domain.

This is no longer a requirement for customers, however after GoDaddy became aware of the concerns caused by the RUM programme, the company promised to immediately deactivate the JavaScript function. A GoDaddy spokesperson told ZDNet:

“We have created JavaScript Real User Metrics (RUM) to improve our customer hosting environment. The script is a non-invasive performance monitor that allows us to measure and track customer website performance and collect information such as connection time and page load time.

We collect performance information only, nothing more. We don’t collect any personal data. The data we collect is used to monitor our internal systems, optimize DNS resolution, improve network routing and server settings and help us improve the performance of the websites of our customers.

After careful examination of the concerns about this program, we decided to immediately deactivate the Javascript insertion on our hosting platform. In the future, we will reintroduce this program so that it is optional only. We apologize to our customers for any confusion and inconvenience.”

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.