Feeds

back to article GoDaddy stopped by massive DDoS attack

A lone hacker has claimed responsibility for an ongoing denial-of-service attack that may have knocked out millions of websites hosted by world's largest domain registrar GoDaddy. The attack began at around 10.00 Pacific time (17.00 GMT/18.00 BST) and appears to affect the registrar's DNS servers. Any site that is hosted with …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

Prat and a soon to be found and prosecuted prat at that.

9
3

FBI will have the last Lulz as always. When will these clowns learn.

1
0

whut?

That they're angry at the guy that took them down, is understandable.. but I'd be more pissed at GD for letting it happen..

I'd wondered where grrlpowercomic had gone..

6
5
Silver badge

Re: whut?

The dead elephant is in the room

3
0
Anonymous Coward

Re: whut?

"I'd be more pissed at GD for letting it happen.."

It's a DDoS, there is no letting it happen, or preventing it as such. Also this "hacker" isn't testing the security of anything, it's testing the bandwidth/resources of the target machines at best.

It's just another pointless exercise making this kid think they're good when in fact, he/she/it is just an idiot costing people a lot of money.

2
0
djs

Hacker?

Can we stop calling this morons "hackers", please? DDoS is about the intellectual level of letting the air out of car tyres. How about "obnoxious wanker" instead? It even sounds a bit like his handle. Maybe that's what he meant but he just couldn't spell "obnoxious".

21
8
Bronze badge
FAIL

Re: Hacker?

Sorry, but taking down nearly 50 million websites for a prolonged period may not be "hacking" - to use a term that you so vigorously defend, but it is not nevertheless equivalent to "letting air out of tyres", which anybody could accomplish.

7
4
djs

Re: Hacker?

I am not defending the term "hacking". I'm suggesting that the media calling script kiddies "hackers" feeds their egos, and perhaps that is the actual reason they make a nuisance of themselves. Call them what they are.

Taking down a few DNS servers is not a massive challenge, and could be done by more or less anybody for the downloading of a script. Just like letting down car tyres.

6
2
Anonymous Coward

Re: Air...

It is if the tire belongs to an airplane and gets the entire airport shut down (and the subsequent flights). So it's kind of like one stupid small act, that has a massive effect. Sadly. :(

3
3
Anonymous Coward

Re: Hacker?

you tw*t

2
3
JDX
Gold badge

Re: Hacker?

Really, we're talking about millions of sites taken down, thousands of businesses impacted, and you want to whinge about how we're using the wrong term?

2
2
Anonymous Coward

Re: Hacker?

As he says, it's about ego. He wants to tell people he's a hacker to sound cool. Now lot's of people would think he sounds like an eYob. His use of the term script kiddie is a symptom too - be so quick to dismiss their skills so you look better (in your own eyes,) that you totally miss the enormity of what's happened.

1
2
Silver badge

Re: Hacker?

Absolutely!!!!

it's the equivalent of letting the air out of fifty million tyres, which as you point out is quite a feat :-)

not a go daddy customer, and a bit of a fan of the heffalump, so dont really give a toss

3
2
Megaphone

Re: Hacker?

won't somebody think of the children!!!!!!1!!!1!!11111

0
0
Silver badge
Go

At least they're /working/ on it

I have several domains registered with GoDaddy and also experienced a massive outage. No fun at all. Fortunately for me most of my domains are already back up again, a few hours after it all happened. I think that's pretty decent knowing how hard it can be to fight off a DDoS.

Quite frankly the way they handle things is proof to me where they put their priorities. My websites are back up, the GoDaddy.com site isn't (at the time of writing); only displays a warning that they're aware of the issues.

For me this translates that they put all their effort on their customers, and will worry about their own stuff at a later time. IMO that suits them.

As to the DDoS... Pretty lame in my book, the work of dumb scriptkiddies who are best ignored. Wouldn't surprise me if the whole thing backfired; common users getting annoyed with anonymous while actually giving GD the benefit of the doubt.

5
3
Anonymous Coward

Re: At least they're /working/ on it

"I have several domains registered with GoDaddy and also experienced a massive outage. No fun at all."

all i can say is hah! and once again, hah!

if you are stupid enough use such a muppet ridden registrar/host, your own damn fault.

Great SysAdmin you are.

8
13
Silver badge

@AC

What can I say... "It just works".

I've been using them for approx. 4 to 8 years or so and this it the first time I've experiences issues like these. If there is a flaw to be found on my side it would be me being lazy. Instead of hosting the domains on my own DNS servers I chose to use theirs. Big deal.

GD has its flaws, absolutely, but when it comes to domain registrations and SSL certificates then they're doing a pretty decent job in my book. Their virtual servers otoh, now that's a completely different story.

3
1
Silver badge
FAIL

GoDaddy no wonder

GoDaddy huh? Well that's your problem right there. When you go with the cheapest lowest common denominator registrar whose public face mainly is showing during the superbowl scantily clad married female racers who win about as often as the Green party in Texas what do you expect? GoDaddy is great for some cheap personal web site you don't really care about but anybody trusting them for a mission critical business website is a fool.

11
6

Re: GoDaddy no wonder

$5 says DNS amplification via a reasonably sizable botnet.

$50 says you wouldn't handle it hitting your DNS servers one-tenth as well.

$500 says you won't stop bitching about GoDaddy for a second, nonetheless.

10
0

This post has been deleted by its author

Anonymous Coward

Re: GoDaddy no wonder

Instead of complaining about GoDaddy, why don't you suggest a better alternative? And not Prolexic, no small business can afford that.

And, BTW, IRC other DNS providers (EasyDNS, UltraDNS) with better reputations among geeks have been equally slow in restoring services after massive attacks. Even CloudFlare had security issues....

3
2
Facepalm

FAIL indeed; well done

Straight to personalities! Aren't you adorable.

You do get what you pay for. That's why we don't host with GoDaddy -- we tried their VPS service once, and it was execrable. Their name service, on the other hand, has been quite reliable excepting today's issue, which is the sort of thing that could reasonably happen to anyone once. If it happens twice, of course, that'll be a different story.

...see there? That's how grown-ups talk in the real world, and please note the complete absence of '$' for 's' anywhere in anything I've written. You'd do well to try to emulate that sort of thing, if you can. Even if you can't, you'd do well at least to mention the name of someone you prefer over GoDaddy, rather than just slinging shit that's of no benefit to anyone.

7
2
Anonymous Coward

Re: GoDaddy no wonder

ROFL, a better alternative?

how about every single other registrar/host on the planet.

bloody hell, who opened the muppet door this morning

4
6
JDX
Gold badge

Re: GoDaddy no wonder

It's less about who opened the door than it is about who walked through it.

Yes we know, everyone popular is shit, blah blah blah. Maybe when you're old enough to run your own business your opinion will be worth listening to.

2
1
Bronze badge

Re: GoDaddy no wonder

I agree, so far I've only received one complaint email (from mom) about not seeing my new dog pics. For 5$ a month you get what you pay for.

0
0

Update: GoDaddy claims internal error

See here, GoDaddy's PR release on the subject.

Too bad you were so busy calling me a muppet to take me up on the bet, asdf. Otherwise I might even now be asking you to which address I should PayPal $5.

Since you didn't bother, I'll replace all three of those with the following:

$5 there is a former GoDaddy network admin who is now trying to decide to which town he should move, to what he should change his name, and with what organization he might possibly ever again hope to find employment.

0
0

This post has been deleted by its author

Silver badge
FAIL

Re: Update: GoDaddy claims internal error

>Too bad you were so busy calling me a muppet

I never called you a muppet some one else did. After reading that press release though anybody whose business relies on GoDaddy going forward is a muppet big time.

0
0
Silver badge

Re: GoDaddy no wonder

>Instead of complaining about GoDaddy, why don't you suggest a better alternative?

I charge to do research for muppets. The only free advice I would give is based on the fact GoDaddy did this to themselves I wouldn't use them in the future.

0
0
Silver badge
FAIL

Re: GoDaddy no wonder

>Maybe when you're old enough to run your own business

Its less about age (even though I am old as dirt) and more about business sense. Honestly considering their ads and corporate image would you really trust them with your livelihood? It doesn't take much internet research to realize GoDaddy (even before this latest ass hat self inflicted wound) should not be considered for anything critical to a business. Capitalism is incredibly efficient at separating a fool and his money.

0
0

Business sense, you say?

OK then, asdf, let's look at the figures. Surely, being the hard-nosed, bottom-line-driven businessman you are, you're not going to argue with cold, hard numbers, right? Well, here's the numbers on my company's experience with GoDaddy.

We've been hosting DNS on GoDaddy for a bit over 4 years now; for simplicity's sake (and to save me looking up start dates for what is a back-of-the-envelope estimate), let's call it four years even, which gives a figure of 365 * 4 * 24 = 35040 hours.

Seven of our clients experienced downtime yesterday; the longest individual outage lasted just over four hours. In order to make our estimate as uncomplimentary to GoDaddy as possible, let's assume that all seven clients were down for the full six hours which some unlucky GoDaddy users saw. That gives us a combined total of 7 * 6 = 42 hours.

Expressed in percentage downtime, that gives ((42 / 35040) * 100) = 0.12% downtime; expressed in percentage uptime, that's 99.88% uptime.

Now, that's pretty damn good for a service that's so dirt-cheap it may as well be free, wouldn't you say? I've done business with companies whose SLAs were less stringent, and less stringently met, than that -- and I've paid much more for their services.

0
0

Fair enough, asdf, you didn't call me a muppet

Checking back, I find I did misattribute that particular personal insult; instead, I see that you called me both an incompetent and a shill.

So: apologies for the error, fuck you, and fuck you, in that order.

1
0
Silver badge
FAIL

Re: Update: GoDaddy claims internal error

>$5 says DNS amplification via a reasonably sizable botnet.

>Otherwise I might even now be asking you to which address I should PayPal $5.

Where in their press release does it say anything about a botnet? They specifically say it was internal. You would be owing me actually.

0
0

Re: Fair enough

...and then you deleted the post in which you had previously called me those names. Coward.

0
0

Wow. Bad day for you, asdf?

Quoting what you may decide not to stand by once you've realized how embarrassing to you it is, or should be:

Where in their press release does it say anything about a botnet? They specifically say it was internal. You would be owing me actually.

You're right. I already said as much. To make it painfully, pedantically clear:

1) I offered to stake $5 on the claim that the cause of the downtime was a DNS amplification attack delivered via a botnet.

2) Assuming you'd taken me up on the bet, you would implicitly be staking $5 on the cause of the downtime being anything else but that.

3) GoDaddy's PR statement says it was indeed not a DNS amplification attack via botnet, but rather an internal error.

4) This being the case, had there been a bet, you'd have won it, and I would need to know to which address I should send the $5 to pay off my losing bet. Which is what I already said, in the very comment you've quoted above.

"It's five o'clock somewhere" is a line from a song, not an axiom by which to live one's life. I wonder if you have trouble recognizing the difference; if so, may I suggest you investigate Alcoholics Anonymous meetings in your vicinity? They tend to be listed online, I gather.

1
0
Silver badge

Re: Business sense, you say?

GoDaddy uptime is their strong point unlike their horrid customer service. Still the trend the last few months is a bit worrying.

2012 September 10 18 2 hrs, 11 mins, 10 secs 99.185% view

2012 August 31 2 0 hrs, 15 mins, 39 secs 99.965% view

2012 July 31 0 0 hrs, 0 mins, 0 secs 100.000% view

2012 June 30 0 0 hrs, 0 mins, 0 secs 100.000% view

2012 May 31 0 0 hrs, 0 mins, 0 secs 100.000% view

2012 April 30 0 0 hrs, 0 mins, 0 secs 100.000% view

2012 March 31 0 0 hrs, 0 mins, 0 secs 100.000% view

2012 February 29 1 0 hrs, 7 mins, 49 secs 99.981% view

2012 January 31 5692 3 0 hrs, 23 mins, 31 secs 99.947% view

0
0
Silver badge

Re: Wow. Bad day for you, asdf?

There is no argument here really and no need for names for anyone other than GoDaddy. The fact is GoDaddy sucks. Everyone makes mistakes and sometimes doesn't pick the best company to do business with.

0
0
Silver badge

Re: Fair enough, asdf, you didn't call me a muppet

Here is post you whining I deleted.

Wow sounds like some one is defensive about a poor business decision. Hopefully your boss will buy it. Or else your boss hired a paid shill to talk about how great GoDaddy is. You get what you pay for

I still stand by my original premise than anybody that relies on GoDaddy for anything mission critical is a fool especially as more details come out.

0
0
Anonymous Coward

He is anonymous

Anonymous likes to have its cake and eat it too. They either an organisation or they're just anyone depending on what best fits the argument. But anyone can be anonymous so they can't claim they're not responsible.

2
2
Anonymous Coward

Re: He is anonymous

So you"re basically saying Anonymous is Batman?

1
1
Bronze badge

I'm sure the guy is mad ..

because he was so disappointed when he went to to go daddy web site to see the exclusive "un censored" footage of the end of their various commercials.

think of it like this - if your a small business take the opportunity to consider switching to a more robust DNS provider. Or at the very least perhaps a provider that is less visible, so your less likely to suffer as a result of someone else's problem. Another approach could be to use multiple DNS providers.. though co-ordinating the setup of the zone transfers and stuff can often times be beyond the reach of the average customer.

1
0
Anonymous Coward

He is from Brazil

http://www.zdnet.com/anonymous-hacker-claims-godaddy-attack-outage-hits-millions-7000003925/

He should at least have changed the Godaddy girl cover to a naked Godaddy girl instead.

0
0
Silver badge
Joke

@AC

But if she was naked how would we know it was a GD girl? ;-)

0
0
404
Bronze badge

re: GD Girl identification

by the penis....

;)

2
0
Anonymous Coward

It is not just Godaddy.com hosted websites.

It also affects Godaddy.com registered websites, that use Godaddy.com nameservers, that then redirect via custom A records to other hosts.

That is all.

0
1
Anonymous Coward

Re: It is not just Godaddy.com hosted websites.

Really? considering it's a DNS Ddos, ofc it's not just hosted sites.

christ, is it a full moon or something, seems to be a great deal of iijuts on this morning

0
0
Mushroom

My first thought when I saw this was must have been someone who tried to do something pretty simple, but ended up tearing their hair out with the abomination that is the godaddy control panel.

Lowest common dominator indeed... GoDaddy is to hosting like nescafe is to coffee.

6
1
JDX
Gold badge

I'm not a web-dev and I can figure it out.

1
0

Stop playing the blame game, and consider what has happened

Even DynDNS has suffered through DDoS attacks (many of them). Nobody is immune, and to assume that someone *is* immune is a fool's pursuit. See http://www.theregister.co.uk/2011/06/21/netsol_flood/ for yet another example, against a registrar who charges considerably more per domain (and enjoys a more "highbrow" reputation) than GD.

GoDaddy provides a decent registration service, and their DNS isn't bad (I prefer Dyn, but that, of course, adds another $30 per zone to the annual maintenance, and many companies register domains by the tens or hundreds...these numbers add up quickly).

Like someone said earlier, even sites not hosted with GoDaddy were affected, so hosting really had no bearing on the impact of this.

Even sites registered with GD but using off-site DNS would have been impacted, as without access to the point of delegation (registrar), eventually, the DNS cache would have expired and nobody would know *who* the authoritative nameservers *were* for such sites.

We've also somehow bought into the idea that a single individual (even with a botnet in place) could possibly pull this off, against the resources of an outfit the size of GD (bringing up new net links on new addresses, and updating DNS every few minutes, from many scattered places). I, for one, am not buying it simply on the say-so of some twit on tw-tter. It was likely a group effort, and one which took considerable planning to pull off (and that by no means should be taken as a statement of admiration for these slime).

Clearly, we need better safeguards at layers 3 & 4 against DDoS, before the traffic hits the intended target(s). This isn't a failure (only) of GD (in this case), but of the networks connecting the internet to GD (and how many of them were involved and yet somehow failed to mitigate the attack?).

4
1

Re: Stop playing the blame game, and consider what has happened

@Lewis R

> Even sites registered with GD but using off-site DNS would have been impacted,

> as without access to the point of delegation (registrar), eventually, the DNS

> cache would have expired and nobody would know *who* the authoritative

> nameservers *were* for such sites.

Sorry, DNS doesn't work that way. Once your nameserver change has been submitted it goes to the root, and it never comes back to the submitting registrar. You are confusing DNS with WHOIS. In DNS, the root zone file contains EVERY domain, the name servers assigned, and even glue records which contain the IP addresses of those servers if the servers are under your own domain and are set up properly.

0
0

Page:

This topic is closed for new posts.