back to article Massive DDoS attack blasts 123-reg offline

A "massive" distributed-denial-of-service attack emanating from China has taken down 123-reg, the UK net biz that hosts 1.4 million websites. In a statement on the its service status page just after midday today, 123-reg blamed attackers in China: From 11:30 to 22:50 our network was undergoing a massive distributed denial of …


This topic is closed for new posts.
  1. Anonymous Coward

    you tried to call them...

    Want to place bets on whether or not they have a VoIP phone system.

    1. Anonymous Coward

      Re: you tried to call them...

      Clearly you have no idea what you are on about.

      We have multiple VoIP system and you can trash our internet connection all you want and it would make FA difference.

      VoIP != Internet.

      1. Anonymous Coward
        Anonymous Coward

        Re: you tried to call them...

        If you have QoS and are using the bandwidth of course.

        Or you have a dedicated line for the VoIP yes.

        But if somebody is cutting off all the means of you communicating with the world, how do you expect VoIP to magically work?

        1. Anonymous Coward

          Re: you tried to call them...

          ISDN PRI's + Media gateways. Been around a couple of years now, do keep up.

          Home Micky Mouse solution != solid business solutions with redundancy.

    2. Anonymous Coward
      Anonymous Coward

      Simple solution, cut all links to China, the Chinese government will then react to it.

      If its state sponsored no arrests if its a bunch of criminals lot of executions.

      Win win.

    3. Anonymous Coward
      Anonymous Coward

      Re: you tried to call them...

      "VoIP != Internet"

      Not actually ridiculous assumption to make. Bet quite a lot of companies have their VoIP systems set up like that.

      If you DDoS our DC our CCTV goes offline so.. ;) Not just the uploads but actually the entire system (yeah, a really well designed system - everything outside/inside goes dark so you got no idea /what/ is going on).

      1. Shakje

        @AC 00:58

        Hi John, can I see you in my office please?

  2. Mr Anonymous

    I see they only list current issues, no history, so you can't see how good/bad their service is.

    1. MJG

      But fortunately you can go back on the twitter service updates (how I managed to get some information on this current issue) and see historic reports from them.

      Ironically always have problems with their email service normally, but today has been fine. Was also looking to move a load of domain names this week to 123, but now I may look elsewhere, any recommendations please (that allow a good level of control over TXT, MX, A, etc records)?

      1. Anonymous Coward
        Anonymous Coward

        I have had no problems with but then I only use them to redirect my domains MX A etc records to my own servers.

      2. Dan 109


        Tried route53?

  3. The Serpent

    No problems here

    I have sites and email with 123-reg, no problems from any of them all day

    1. itzman

      Re: No problems here

      Then you cant have actually used them. Their nameservers were unreachable for a couple of hours.

      MAYBE you had lookups cached, but I lost every single 123 domain because my slave nameserver follows the rules of timeouts, which in my case are quite short.

      They didn't answer the phone to me, either,

      Time to do domain names directly with nominet methinks.

      1. The Serpent

        Re: No problems here

        Wrong. One of the sites and hosted email accounts in question in a purely personal project that no one else is aware of and that I last checked over two weeks ago but I happened to drop a bit of work onto late this morning and then checked the email account for spam. All worked fine.

        So glad you are willing and able to tell strangers what has happened to them - you could make a bit of money filling in the blanks for hung-over revellers the morning after the night before. The fact that you got such different service at approximately the same time is interesting; sadly your opinion is not.

      2. Flabbergarstedbastard

        Re: No problems here

        I experienced some name resolution problems earlier.

        1. Anonymous Coward
          Anonymous Coward

          Re: No problems here

          As did we, but, you know, the OP is fine, so fuck everyone else

          1. The Serpent

            Re: No problems here

            Your interpretation, not my words or intention

  4. Anonymous Coward
    Thumb Down


    NOT Freeparking.

    No phone number, no email address, just a sh*tty support request app in their 15 year old site that sometimes they answer, sometimes they don't.

    1. Oliver Burkill

      Re: @MJG

      Phone number and address are on the site in the contact us section, however it's only displayed once you have clicked to say yes you have checked the online knowledge base.

  5. Anonymous Coward
    Anonymous Coward

    Just cancelled my 123-reg hosting

    Only signed up a few days ago, installed wordpress, found it super-unreliable (regular timeouts, 'unable to connect to database' etc.).This was happening before the DDoS. It's an odd company - the hosting was very poor, but their service is top rate, my tickets were responded to very quickly.

    Any recommendations for reliable hosting for wordpress? Nothing fancy, not heavily trafficked, but I need reliable.

    1. itzman

      Re: Just cancelled my 123-reg hosting

      Why not run your won hosting servers on a virtual machine? I have one that costs a couple or hundred a year only.

      All I use 123 for is DNS and the A***holes cant even do that properly it seems.

    2. Anonymous Coward

      Re: Just cancelled my 123-reg hosting

      5-Quid host if that's all you want to do.

      1 outage for a short time, over a year ago, responded to my email in 5 mins at 11.30pm.

      resolved shortly after.

      Support is great, even if by email.

      You may even be able to get the freebie.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just cancelled my 123-reg hosting

        Thanks, will go check them out!

  6. Pete Spicer

    An article from Anna that doesn't include variations on the phrase 'Foxconn-rebrander', quality is slipping. After all, anything that comes out of China is Apple's fault, right?

    (Troll, because someone had to say it. Tongue firmly in cheek, of course.)

  7. Sean Houlihane


    Xilo works for me, I got a reseller account for barely more than the account I moved to 123-reg from. Something odd about wordpress and 123-reg hosting - almost like the site was swapped out and needed to be woken up before it would work.

  8. Anonymous Coward
    Anonymous Coward

    Chinese distributed-denial-of-service attacks

    You get a massive attack and think that's enough, but half an hour later you need another one.

  9. Matt Bryant Silver badge


    "A "massive" distributed-denial-of-service attack emanating from China has taken down 123-reg, the UK net biz that hosts 1.4 million websites...."

    OK, so why on Earth would anyone want to smack 123? I'm guessing either we have the good ol' Web extortion ("Pay uz wan-meelleeon dollahs or we keerash ur zite!" << in best Russian goonish), just routed out through China. Or maybe someone had some site on 123 offering support to Chinese dissidents. Have 123 recently refused to take down such a site at the request of the Chinese gubbermint or one of their pet businesses, perchance?

    1. jphn37

      Re: Motive?

      Maybe, just a theory, it's about Chinese website branding. In China, some common portals are hao123, kuku123, and haokan123. So, if citizens search for 123 and get a foreign, money making business, heaven forbid!

      1. Matt Bryant Silver badge

        Re: Re: Motive?

        I heard a story, can't find it on the Net so not sure of the validity, but it was about a German company that opened an office in Shanghai a few years back and got a main telephone number with lots of sixes and threes in it. Apparently, six and three are "lucky" numbers, and about a week after they opened the office they started getting calls saying the number had been assigned to them "by accident", would they sell it? Seeing as the company had done a lot of PR, website and pamphlet work with the number already on it they said no thanks, and the next week they got DDoS'd. That continued on and off until they gave the number back to China Telecom.

    2. Shakje

      Re: Motive?

      Doesn't it look a bit like a test run?

  10. Richard Cranium

    Can't blame them if it's a massive DDOS...

    ... at least they got it fixed within an hour - I host a couple of hundred domains on dedicated servers with them. I could access the server intermittently. It was showing load averages barely above 0%. I got (almost) straight through to support OK at 11:20 (call queue for less than 30 seconds).

    Unplanned downtime is a regrettable fact of life - International Banks, Gmail and most if not all major hosting companies all get problems - for what I pay I've historically had very high levels of server availability at Web Fusion, I guess better 99.99% taken over 10 years. When one of my dedicated servers suffered a fatal component failure at 10pm on Christmas day 3 or 4 years ago they swapped in a replacement within a couple of hours.

    Just do a search for [name any big organisation] on El Reg and see how many entries relate to service outages or successful hacks - e.g. HSBC gives:" HSBC UK systems major outage Customers can't use cards, online banking or ATMs" 4 Nov 2011. And believe me service loss to a Bank HSBC means a lot more than a blog about your new kitten.

    I do have gripes with Web Fusion - primarily I'd like to move to a more powerful server and their sales people said they'd transfer most of the data for a few hundred quid but I'd have to copy across email account settings and any non-default DNS settings myself - try doing that for 100 accounts...

    That's the only reason I've been looking for an alternative host (but so far failed to find one I'm happy with).

    Admittedly their support has gone downhill since they moved some of it to India. A recent trivial example: domain name renewal paid, email some days later from Nominet to say "not renewed" so we assumed payment to 123reg had gone wrong so paid (again) they did renew - and promptly took the payment twice. India said "non-refundable". (Got it escalated and sorted in the end but at the cost of time, incredulity and anger). But show me anyone that doesn't outsource support somewhere cheap and incompetent.

    So if anyone does have a better solution at the same level of cost I'm interested but I'm not holding my breath...

    1. Shaz k

      Re: Can't blame them if it's a massive DDOS...

      Hi Richard,

      I am really sorry to hear about the issues you may have suffered, please can you email me via private message on the forum with your contact details and I will be more that happy to look into the migration for you.


  11. Anonymous Coward
    Anonymous Coward

    Really?, no I mean Really?

    Interesting that the DDoS attack coincides so nicely with changes to their login methods.

  12. Anonymous Coward
    Anonymous Coward

    So sue china in court - then tell us something new

    So sue them, then China can sue those involved, There country it orginated from, there problem, they pay for it.

    That all said were you hosting barclays and hsbc past week or so, as explains lots.

  13. Jeebus

    I always find it funny that DDOS attacks from China have become so normal that the discussion about a DDOS attack is solely about how reliable 123 is daily. The shock value has gone and we just expect them.

  14. Pahhh

    As a Webfusion customer

    We got a hosted service through Webfusion (2 dedicated servers). Their email response leaves a lot to be desired but amazingly their telephone support is extrodinarily good. They seem to really know their stuff and in the 3 or so years we been with them, the turn around to resolution from initial call has normally been within 1 hour.

    Now this may not have any relation to the 123 service but I have nothing to complain about concerning the service. Our website is mostly accessed internationally and they seem to have excelent links to some core internet infrastrure with good download speeds worldwide.

    The price was also substencially less than Rackspace too.

    I'm only a customer and other than that not affliated with the company but thought it was fair to say not everyone is displeased with Webfusion.

  15. Anonymous Coward
    Anonymous Coward

    Business as usual then?

    A friend asked me to help them setup a website and they bought a domain and hosting package from 123-reg.

    I've had nothing but problems with the hosting. You're working on the site and then suddenly it becomes unaccessible. 10 mins later and it's working again for another 5 mins. Seems to go on like this forever.

    1. Richard Cranium

      Re: Business as usual then?

      Frankly I'd be looking elsewhere for the problem - like the broadband connection or FTP settings.

      I've never had that problem with web fusion servers (though I do see that kind of issue with a couple of other providers I have to use sometimes) and I and my office staff make extensive use of FTP.

  16. This post has been deleted by its author

  17. Anonymous Coward
    Anonymous Coward


    I'd have the thought the discussion would have been about the how and why of chinese DDOS attacks and what could be done about it.

    Instead commentators seem blase about the attack and more into which hosting provider gives the best un-DDOS-ed service.

  18. Anonymous Coward

    Recommending alternatives...

    For domain reg: Namecheap

    For hosting: Linode [VPS]

  19. Anonymous Coward
    Anonymous Coward

    Lovely cup of tea

    Don't worry be happy. Do the Brit thing and make a lovely cup of tea, then get some Chinese and watch TV

  20. cyberdemon Silver badge

    We know we are a prime target. We are still in the process of resolving this.

    Easiest way to stop being a prime target seems to be to get whacked.

  21. Anonymous Coward
    Anonymous Coward

    Always from China

    Recent spam hitting my website, sources mostly China, but recently Russia and North Korea. Attempted and failed SQL injection attach - source China.. A while back (before I was wiser) mobile phone was hacked and account used to send spam, source China.

    These days I operate a black list of IP addresses and kick out any traffic that has an 'undesirable' origin. Sure, they could use proxies but most of them find easier targets. Just disconnect them from the Internet I say!!

  22. Mostly_Harmless Silver badge
    Thumb Up

    from the 123-Reg website's System Status page

    "This attack was identified by our network team who made immediate changes to remove the DDOS traffic from within our core network, and within 15 minutes key work was completed routing traffic through our redundant connections and blocking the incoming traffic on our core network."

    To me, that sounds like pretty good drills on the part of 123-reg.

  23. Seb123

    I think it's time to lay down some smack time on the Chinese. I suggest starting with the WhoAreWe offices in Basingstoke. We shall plunder.

  24. mhenriday
    Big Brother

    «From 11:30 to 22:50 our network

    was undergoing a massive distributed denial of service attack from China.» Hope the Reg will stay on top of this ! As most of us presumably know, the fact that the computers used in a DDOS are found in a particular location says little or nothing about the source of the attack ; has 123-reg had anything to say on what, if anything, they have been able to determine on this matter ? The major problem in China seems to be the presence of huge numbers of insecure computers - fortunately, the proportion of computers running IE6 has sunk to around 16 %, a drastic decline during the last year (, which hopefully will lead to fewer bots being available for such attacks. But of course, since China is currently everybody's favourite bête noire and China bashing everybody's favourite pastime - a useful distraction from other, for the establishment less convenient pursuits - the incentive to investigate further is perhaps not so great....


    1. Matt Bryant Silver badge

      Re: «From 11:30 to 22:50 our network

      "....since China is currently everybody's favourite bête noire and China bashing everybody's favourite pastime...." Aw, henri, didn't you recently assure us that Iran was everybody's bete noire and Iran bashing was everyone's fave past-time? Or is it just that taking any stance in ooposition to the status quo is just your fave past-time?

  25. Pahhh

    ok, not quite so rosy

    I posted earlier how Webfusion havent failed me.

    Unfortunantly in an attempt to protect themselves from DDOS they just blocked out Asia. So got complaints from China, Taiwan, Australia and Japan that they cant access our web site. We host our own DNS server too.

    Just spoke to a support guy and apparently they just lifted the restriction so hopefully our Asian customer base will now have access again........

  26. Nuend0
    Thumb Down

    moving away from 123...

    after they screwed me with their auto renew policy (which they sent the advanced warnings to a dead account that would have bounced back as non existent), I've been moving all my hosting / domains & clients hosting / domains away slowly.

    kinda lucky I only had 3 products with them during this attack.

    i've found to provide excellent services and lightning support at unbelievably cheap prices.

    I've got 1 reseller host & 2 vps accounts with them and unless something really bad happens to them i won't be looking elsewhere ever again

  27. cortland

    An increase in such activity is a worrisome indication that other Chinese adventures might be in the offing, and not just on the Net. Once the rehearsals are done, expect complete silence -- for a while.

This topic is closed for new posts.

Other stories you might like