For 2 years this site was hacked.

Dear Godaddy,

I have been a customer for many years and the interaction that I just had with your highest level "security expert" not only seemed like a sales tactic but was highly unprofessional.
When I explained that what he was telling me was false he got defensive and stated he could not help me because I told him he was wrong and then proceeded to argue with me more.
Due to the nature of my work and my advanced knowledge of exploitation and vulnerabilities I am calling bullshit.

You informed me 3 days ago of the compromise. I do not use or review this site much anymore as it sits serving files and tutorials for friends. When I asked them how access to my site was gained their answer was not even close to the truth
As a professional White Hat hacker/penetration tester that has been in the industry for over 12 years and around the hacking scene for over 20; I understand vulnerabilities and exploitation very well.
The support technician that stated he is the highest security person at GoDaddy claimed the following when I asked how my site was hacked:
-All html files can be hacked without protection because it is command driven (static and dynamic, post or get).
-Attackers can add WordPress through the .htaccess file because there are commands in it that anyone can execute.
-FTP cannot be hacked to exploit sites, that this is not how sites are hacked.

Absolutely FALSE


Ftp can absolutely be used to compromise a site through the use of brute forcing and dictionary attacks.
Reference: http://aakarperiwal.com/brute-force-using-hydra/

The injection happens in to the .htaccess file for redirects by malware, not injection because of the .htaccess file.
Reference: https://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html

Unless there was an Apache flaw on Godaddy's side that did not get patched, there is no possible way that the simple, static code that was uploaded could have been hacked/
Reference: https://security.stackexchange.com/questions/74360/can-my-raw-html-website-get-hacked


Thanks,
Unhappy Customer