Prat and a soon to be found and prosecuted prat at that.
GoDaddy stopped by massive DDoS attack
A lone hacker has claimed responsibility for an ongoing denial-of-service attack that may have knocked out millions of websites hosted by world's largest domain registrar GoDaddy. The attack began at around 10.00 Pacific time (17.00 GMT/18.00 BST) and appears to affect the registrar's DNS servers. Any site that is hosted with …
-
-
Tuesday 11th September 2012 13:20 GMT Anonymous Coward
Re: whut?
"I'd be more pissed at GD for letting it happen.."
It's a DDoS, there is no letting it happen, or preventing it as such. Also this "hacker" isn't testing the security of anything, it's testing the bandwidth/resources of the target machines at best.
It's just another pointless exercise making this kid think they're good when in fact, he/she/it is just an idiot costing people a lot of money.
-
-
-
Tuesday 11th September 2012 07:01 GMT djs
Re: Hacker?
I am not defending the term "hacking". I'm suggesting that the media calling script kiddies "hackers" feeds their egos, and perhaps that is the actual reason they make a nuisance of themselves. Call them what they are.
Taking down a few DNS servers is not a massive challenge, and could be done by more or less anybody for the downloading of a script. Just like letting down car tyres.
-
-
-
-
Tuesday 11th September 2012 09:42 GMT Anonymous Coward
Re: Hacker?
As he says, it's about ego. He wants to tell people he's a hacker to sound cool. Now lot's of people would think he sounds like an eYob. His use of the term script kiddie is a symptom too - be so quick to dismiss their skills so you look better (in your own eyes,) that you totally miss the enormity of what's happened.
-
-
-
Monday 10th September 2012 22:07 GMT Anonymous Coward
At least they're /working/ on it
I have several domains registered with GoDaddy and also experienced a massive outage. No fun at all. Fortunately for me most of my domains are already back up again, a few hours after it all happened. I think that's pretty decent knowing how hard it can be to fight off a DDoS.
Quite frankly the way they handle things is proof to me where they put their priorities. My websites are back up, the GoDaddy.com site isn't (at the time of writing); only displays a warning that they're aware of the issues.
For me this translates that they put all their effort on their customers, and will worry about their own stuff at a later time. IMO that suits them.
As to the DDoS... Pretty lame in my book, the work of dumb scriptkiddies who are best ignored. Wouldn't surprise me if the whole thing backfired; common users getting annoyed with anonymous while actually giving GD the benefit of the doubt.
-
-
Tuesday 11th September 2012 09:52 GMT Anonymous Coward
@AC
What can I say... "It just works".
I've been using them for approx. 4 to 8 years or so and this it the first time I've experiences issues like these. If there is a flaw to be found on my side it would be me being lazy. Instead of hosting the domains on my own DNS servers I chose to use theirs. Big deal.
GD has its flaws, absolutely, but when it comes to domain registrations and SSL certificates then they're doing a pretty decent job in my book. Their virtual servers otoh, now that's a completely different story.
-
-
-
Monday 10th September 2012 22:20 GMT asdf
GoDaddy no wonder
GoDaddy huh? Well that's your problem right there. When you go with the cheapest lowest common denominator registrar whose public face mainly is showing during the superbowl scantily clad married female racers who win about as often as the Green party in Texas what do you expect? GoDaddy is great for some cheap personal web site you don't really care about but anybody trusting them for a mission critical business website is a fool.
-
-
This post has been deleted by its author
-
Monday 10th September 2012 23:35 GMT Anonymous Coward
Re: GoDaddy no wonder
Instead of complaining about GoDaddy, why don't you suggest a better alternative? And not Prolexic, no small business can afford that.
And, BTW, IRC other DNS providers (EasyDNS, UltraDNS) with better reputations among geeks have been equally slow in restoring services after massive attacks. Even CloudFlare had security issues....
-
-
-
This post has been deleted by its author
-
Tuesday 11th September 2012 17:13 GMT asdf
Re: GoDaddy no wonder
>Maybe when you're old enough to run your own business
Its less about age (even though I am old as dirt) and more about business sense. Honestly considering their ads and corporate image would you really trust them with your livelihood? It doesn't take much internet research to realize GoDaddy (even before this latest ass hat self inflicted wound) should not be considered for anything critical to a business. Capitalism is incredibly efficient at separating a fool and his money.
-
Tuesday 11th September 2012 17:27 GMT Aaron Em
Business sense, you say?
OK then, asdf, let's look at the figures. Surely, being the hard-nosed, bottom-line-driven businessman you are, you're not going to argue with cold, hard numbers, right? Well, here's the numbers on my company's experience with GoDaddy.
We've been hosting DNS on GoDaddy for a bit over 4 years now; for simplicity's sake (and to save me looking up start dates for what is a back-of-the-envelope estimate), let's call it four years even, which gives a figure of 365 * 4 * 24 = 35040 hours.
Seven of our clients experienced downtime yesterday; the longest individual outage lasted just over four hours. In order to make our estimate as uncomplimentary to GoDaddy as possible, let's assume that all seven clients were down for the full six hours which some unlucky GoDaddy users saw. That gives us a combined total of 7 * 6 = 42 hours.
Expressed in percentage downtime, that gives ((42 / 35040) * 100) = 0.12% downtime; expressed in percentage uptime, that's 99.88% uptime.
Now, that's pretty damn good for a service that's so dirt-cheap it may as well be free, wouldn't you say? I've done business with companies whose SLAs were less stringent, and less stringently met, than that -- and I've paid much more for their services.
-
Tuesday 11th September 2012 17:47 GMT asdf
Re: Business sense, you say?
GoDaddy uptime is their strong point unlike their horrid customer service. Still the trend the last few months is a bit worrying.
2012 September 10 18 2 hrs, 11 mins, 10 secs 99.185% view
2012 August 31 2 0 hrs, 15 mins, 39 secs 99.965% view
2012 July 31 0 0 hrs, 0 mins, 0 secs 100.000% view
2012 June 30 0 0 hrs, 0 mins, 0 secs 100.000% view
2012 May 31 0 0 hrs, 0 mins, 0 secs 100.000% view
2012 April 30 0 0 hrs, 0 mins, 0 secs 100.000% view
2012 March 31 0 0 hrs, 0 mins, 0 secs 100.000% view
2012 February 29 1 0 hrs, 7 mins, 49 secs 99.981% view
2012 January 31 5692 3 0 hrs, 23 mins, 31 secs 99.947% view
-
-
-
Tuesday 11th September 2012 23:42 GMT asdf
Re: Fair enough, asdf, you didn't call me a muppet
Here is post you whining I deleted.
Wow sounds like some one is defensive about a poor business decision. Hopefully your boss will buy it. Or else your boss hired a paid shill to talk about how great GoDaddy is. You get what you pay for
I still stand by my original premise than anybody that relies on GoDaddy for anything mission critical is a fool especially as more details come out.
-
-
-
-
-
-
-
Tuesday 11th September 2012 00:02 GMT Aaron Em
FAIL indeed; well done
Straight to personalities! Aren't you adorable.
You do get what you pay for. That's why we don't host with GoDaddy -- we tried their VPS service once, and it was execrable. Their name service, on the other hand, has been quite reliable excepting today's issue, which is the sort of thing that could reasonably happen to anyone once. If it happens twice, of course, that'll be a different story.
...see there? That's how grown-ups talk in the real world, and please note the complete absence of '$' for 's' anywhere in anything I've written. You'd do well to try to emulate that sort of thing, if you can. Even if you can't, you'd do well at least to mention the name of someone you prefer over GoDaddy, rather than just slinging shit that's of no benefit to anyone.
-
-
Tuesday 11th September 2012 16:53 GMT Aaron Em
Update: GoDaddy claims internal error
See here, GoDaddy's PR release on the subject.
Too bad you were so busy calling me a muppet to take me up on the bet, asdf. Otherwise I might even now be asking you to which address I should PayPal $5.
Since you didn't bother, I'll replace all three of those with the following:
$5 there is a former GoDaddy network admin who is now trying to decide to which town he should move, to what he should change his name, and with what organization he might possibly ever again hope to find employment.
-
Tuesday 11th September 2012 17:30 GMT asdf
Re: Update: GoDaddy claims internal error
>$5 says DNS amplification via a reasonably sizable botnet.
>Otherwise I might even now be asking you to which address I should PayPal $5.
Where in their press release does it say anything about a botnet? They specifically say it was internal. You would be owing me actually.
-
Tuesday 11th September 2012 17:39 GMT Aaron Em
Wow. Bad day for you, asdf?
Quoting what you may decide not to stand by once you've realized how embarrassing to you it is, or should be:
Where in their press release does it say anything about a botnet? They specifically say it was internal. You would be owing me actually.
You're right. I already said as much. To make it painfully, pedantically clear:
1) I offered to stake $5 on the claim that the cause of the downtime was a DNS amplification attack delivered via a botnet.
2) Assuming you'd taken me up on the bet, you would implicitly be staking $5 on the cause of the downtime being anything else but that.
3) GoDaddy's PR statement says it was indeed not a DNS amplification attack via botnet, but rather an internal error.
4) This being the case, had there been a bet, you'd have won it, and I would need to know to which address I should send the $5 to pay off my losing bet. Which is what I already said, in the very comment you've quoted above.
"It's five o'clock somewhere" is a line from a song, not an axiom by which to live one's life. I wonder if you have trouble recognizing the difference; if so, may I suggest you investigate Alcoholics Anonymous meetings in your vicinity? They tend to be listed online, I gather.
-
-
-
-
Monday 10th September 2012 23:43 GMT Nate Amsden
I'm sure the guy is mad ..
because he was so disappointed when he went to to go daddy web site to see the exclusive "un censored" footage of the end of their various commercials.
think of it like this - if your a small business take the opportunity to consider switching to a more robust DNS provider. Or at the very least perhaps a provider that is less visible, so your less likely to suffer as a result of someone else's problem. Another approach could be to use multiple DNS providers.. though co-ordinating the setup of the zone transfers and stuff can often times be beyond the reach of the average customer.
-
-
Tuesday 11th September 2012 06:17 GMT Lewis R
Stop playing the blame game, and consider what has happened
Even DynDNS has suffered through DDoS attacks (many of them). Nobody is immune, and to assume that someone *is* immune is a fool's pursuit. See http://www.theregister.co.uk/2011/06/21/netsol_flood/ for yet another example, against a registrar who charges considerably more per domain (and enjoys a more "highbrow" reputation) than GD.
GoDaddy provides a decent registration service, and their DNS isn't bad (I prefer Dyn, but that, of course, adds another $30 per zone to the annual maintenance, and many companies register domains by the tens or hundreds...these numbers add up quickly).
Like someone said earlier, even sites not hosted with GoDaddy were affected, so hosting really had no bearing on the impact of this.
Even sites registered with GD but using off-site DNS would have been impacted, as without access to the point of delegation (registrar), eventually, the DNS cache would have expired and nobody would know *who* the authoritative nameservers *were* for such sites.
We've also somehow bought into the idea that a single individual (even with a botnet in place) could possibly pull this off, against the resources of an outfit the size of GD (bringing up new net links on new addresses, and updating DNS every few minutes, from many scattered places). I, for one, am not buying it simply on the say-so of some twit on tw-tter. It was likely a group effort, and one which took considerable planning to pull off (and that by no means should be taken as a statement of admiration for these slime).
Clearly, we need better safeguards at layers 3 & 4 against DDoS, before the traffic hits the intended target(s). This isn't a failure (only) of GD (in this case), but of the networks connecting the internet to GD (and how many of them were involved and yet somehow failed to mitigate the attack?).
-
Tuesday 11th September 2012 16:36 GMT Donn Bly
Re: Stop playing the blame game, and consider what has happened
@Lewis R
> Even sites registered with GD but using off-site DNS would have been impacted,
> as without access to the point of delegation (registrar), eventually, the DNS
> cache would have expired and nobody would know *who* the authoritative
> nameservers *were* for such sites.
Sorry, DNS doesn't work that way. Once your nameserver change has been submitted it goes to the root, and it never comes back to the submitting registrar. You are confusing DNS with WHOIS. In DNS, the root zone file contains EVERY domain, the name servers assigned, and even glue records which contain the IP addresses of those servers if the servers are under your own domain and are set up properly.
-
-
-
Tuesday 11th September 2012 16:43 GMT Donn Bly
Re: Soon to do the Perp Walk
> BTW, does GoDaddy really have "millions" of websites? I'd like to see the real numbers.
ns08.domaincontrol.com, one of the GoDaddy name servers taken down by the attack that I monitored because it had several of my client's domains on it, runs the authoritative DNS for over 33.9 million domain names. Actually, since you want "real" numbers, the count is 33,919,902 as of today.... of course, I expect that number to fall a little as people switch away.
-
-
Tuesday 11th September 2012 09:59 GMT Anonymous Coward
@AC
Unfortunately that could also be caused by GD itself, its one of their not so great services in my opinion. I've had such issues for quite a while; a VPS doing absolutely nothing would stay responsive for approx. 30 - 60 minutes and then turn completely unreachable.
When I reset said VPS the above scenario occurred, and when I contacted support they reset the VPS for me, concluded that it was back up and thus told me 'case closed'.
The fun part was when I setup a "phone home" routine (cron job which pinged one of my other (non-GD) servers and down/up -loaded a file); even during periods where the server was completely unreachable it would still easily perform such communication feats, thus ruling out external issues such as DoS or something.
When I discovered that I dropped the idea entirely to use GD for anything else but domain registrations and SSL certs.
-
-
Tuesday 11th September 2012 10:29 GMT Matt Hamilton
Just use multiple DNS servers?
This thing no-one has yet to point out is that the DNS system is already more than capable of dealing with attacks like this. It already has redundancy in place. You need to have at least 2 DNS servers for each domain. Just put those two DNS servers on different networks. Ie. have one with Go Daddy and one with someone else.
Why does no-one do this?
1) Cost. You no doubt will end up paying twice and everyone is a skinflint
2) Management. Any DNS changes will need to be made in more than one place in more than one interface on more than one system.
Alas there isn't really a secure, trusted, usable standard around for passing DNS zone information from one DNS server to another. No, zone transfers don't count.
-Matt
-
Tuesday 11th September 2012 11:41 GMT Anonymous Coward
Do people still celebrate this kind of thing?
As has been pointed out by numerous posters, no system is 100% secure, and there is no great achievement in having DDOSed this particular system. The justification that this moron was testing their security is laughable. It is as if a burglar claimed that he was just testing the security of a building when he set broke in. Why anybody would celebrate somebody who carries out a simple criminal act no smarter than kicking down a door, is utterly beyond me.
-
Tuesday 11th September 2012 12:31 GMT Anonymous Coward
Can somebody explain this
Why are domains that were registered with Godaddy but have their DNS servers elsewhere affected by this? I assumed that if Godaddys DNS servers were attacked it would only cause problems for sites that used Godaddys DNS, but this does not seem to the case. What am I missing?
I noticed Godaddy had switched the DNS of its main website to Verisign, that must have hurt!
-
Tuesday 11th September 2012 14:56 GMT Lewis R
Re: Can somebody explain this
...because without access to the registrar, it is not possible to verify which DNS provider is authoritative for the domain. There is a finite lifespan of the cache, and when that runs out, the NS record in the zone must be refreshed. To do that, the registrar (point of delegation) must be contacted. If unavailable, the zone expires.
While it is handy to have records with long TTL's, it makes propagating delegation changes more difficult, as the NS records won't be refreshed for a longer period of time.
-
-
Tuesday 11th September 2012 12:51 GMT ashR
RE: Can somebody explain this
>> Why are domains that were registered with Godaddy but have their DNS servers elsewhere affected by this?
They were not, it would have been a far bigger story if they were. Where are you seeing something that states otherwise?
The root nameservers would still resolve domains that were not using Godaddy DNS.
-
Tuesday 11th September 2012 13:53 GMT Anonymous Coward
Re: RE: Can somebody explain this
@ashR, a few friends asked if I knew why some sites were down that they could not access. Assuming it was godaddy related I checked where the nameservers and they were different for each site but a whois on those same sites showed they were all registered through godaddy.
Probably just a big coincidence then....
-
-
Tuesday 11th September 2012 13:40 GMT Gordon Pryra
Good for me anyway
Sod the script kiddy on the other side of the fence, Ive always got people I come into contact with to keep clear of Godaddy after a little issues I had with billing and crappy customer service.
Happy me, my competors all use cheapo Godaddy hosting. Google was great for me yesterday!!!!!
-
Tuesday 11th September 2012 22:39 GMT Dynamic Net
Questions small businesses should be asking after the outage
Good day:
This issue should hopefully raise some questions to stewards / managers of small businesses:
1. Does cheap web hosting lead to lost revenue? http://www.dynamicnet.net/2012/04/cheap-hosting-limits-growth-site/
2. Can you find high value web hosting? http://www.dynamicnet.net/2012/06/reflections/
3. Would it not be better for small businesses to support one another vs. going with large corporations like Godaddy, who advertisements sell on sexuality, where one will be treated with value vs. being just another number?
Of note, Hostgator, Bluehost, and hundreds of other companies are owned by EIG whose focus is cheap hosting. They throttle with a very heavy hand. While probably everyone in the world, at least by now, knows about the Godaddy outage, the heavy throttling could be far worse for small business owners as they may not know when customers can get to their sites.
Thank you.