Websites stagger to feet, Network Solutions wears off DDoS hangover

Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it. The distributed denial-of-service assault (DDoS) lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. …

COMMENTS

This topic is closed for new posts.
  1. Alister

    Unlike compromised home PCs, there really is no excuse for compromised web servers.

    The vast majority of web servers are managed by someone who is paid to do it, and therefore should be responsible and competent enough to either stop the compromise in the first place, or be able to detect and remove any malicious software if an infection occurs.

    If a server is identified as one of the sources of a DDoS attack then its owner / operator should be notified, and sanctions applied if it's not fixed.

    1. Jamie Jones Silver badge

      I agree. The amount of times I've heard of web-application bugs being used to install malware by modifying files is mad.

      It's simple enough to make all code files owned by a different user to the one running the web server.

      Also, simple firewall rules can stop an account making outbound calls.

      I suspect the main culprits are the systems that give users a single non-root username - sometimes with only ftp access!

      Think how many non-techie people run their own wordpress or phpbb etc. under such an environment.
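
The file-ownership point in Jamie Jones's comment above can be checked mechanically. This audit script is an added example, not part of the original thread; `audit_webroot`, the docroot path and the account name are assumptions to replace with your host's values.

```shell
#!/bin/sh
# Added example: list paths under a document root that the web server
# account could modify. A web-application bug that runs as that account
# can rewrite exactly these paths to plant or alter code.

# audit_webroot DOCROOT WEB_USER
#   DOCROOT  - directory served by the web server (assumed path)
#   WEB_USER - account name or numeric uid the server runs as (assumed)
# Prints "<reason> <path>" per finding; returns 1 if anything was found.
audit_webroot() {
    docroot=$1
    web_user=$2
    findings=$(
        # Owned by the server account: it can change mode and contents at will.
        find "$docroot" \( -type f -o -type d \) -user "$web_user" -print |
            sed 's/^/owned-by-server /'
        # World-writable: any local account, the server included, can write.
        find "$docroot" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/world-writable /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Example invocation (constructed values):
#   audit_webroot /var/www/html www-data || echo "fix ownership/modes above"
```

The outbound-traffic half of the comment corresponds to an iptables owner-match rule (`-m owner --uid-owner`) on the OUTPUT chain for the same account.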

    2. Antonymous Coward
      Holmes

      >Unlike compromised home PCs, there really is no excuse for compromised web servers.

      Incompetence.

      Admin, code or often both. Was it "nimda" or "code red" that infected hordes of servers when a software vendor advised customers to install an emergency patch from their (infected) servers?

    3. Anonymous Coward

      @Alister

      "Unlike compromised home PCs, there really is no excuse for compromised web servers."

      Agreed, but there should be even fewer excuses not to act against such servers, which is in my opinion the main problem.

      If you noticed Internet abuse and then notified the involved parties then it remains to be seen if anything is done against it. More than often people let it slide because apparently they either can't be bothered to fix it or they don't want to upset their customers.

  2. Anonymous Coward

    dream on

    The vast majority of web servers are not managed by anyone at all. Many will simply be wordpress or similar sites which once set up by their point and click owners are rarely if ever upgraded and thus open to every exploit going. The underlying systems on such services are probably never upgraded either as that would break too many of their customers' sites. So sadly in the real world there are plenty of web servers to exploit.

    Even identifying the owner/operator as you put it of a site can be damn near impossible sometimes, getting a hosting company to take down a site/server is even harder even when it's clearly a fraudulent banking clone.

    The good ones spot the issue and block until it is cleaned up.

    Sadly we don't live in a perfect world.

    1. Alister

      Re: dream on

      >The vast majority of web servers are not managed by anyone at all. Many will simply be wordpress or similar sites which once set up by their point and click owners are rarely if ever upgraded and thus open to every exploit going. The underlying systems on such services are probably never upgraded either as that would break too many of their customers' sites. So sadly in the real world there are plenty of web servers to exploit.

      You're confusing websites, and web servers. Yes there are thousands of "fire and forget" web sites out there, but they nearly all sit on managed servers provided by a hosting company. It is the hosting company's responsibility to manage and monitor the server, not the site owners. And it is the hosting company that should be penalised, if one of their servers is part of a DDoS attack and they don't do anything about it.

  3. Don Jefe

    Upgrades

    Looks like the NSA botched a system upgrade.

    1. Anonymous Coward

      Re: Upgrades

      "NSA" "jokes" are tired now.

  4. Anonymous Coward

    Perfect weapon

    There are some harsh comments above but a web server is always on and public facing. It is far better to attack than a home PC because it will sit there and suffer while you keep trying. Admins get the blame but they are trying to protect a prize goose while standing alone in a crowd of customers and attackers. The web server must be accessible, but only by the right people. Who is the right people? Payloads and attacks are delivered in many ways and that leads to developers who make a mistake or outright cowboy. The admin can do his best but a developer could mess up. But then there are workers in the company who could compromise their machine and let an attacker onto the network!!! A small business won't have a lot of separation between servers and their primary network and so again.

    It is easy to blame the few guys plugging the many holes but there are a lot of ways to be compromised. And once compromised you may not know about it, you may be part of a DDOS and know nothing about it. Because your server is owned!

    1. Alister

      Re: Perfect weapon

      >It is easy to blame the few guys plugging the many holes but there are a lot of ways to be compromised. And once compromised you may not know about it, you may be part of a DDOS and know nothing about it. Because your server is owned!

      If your server is being used as part of a DDoS attack and you don't know about it, then you're doing it wrong.

      The most rudimentary traffic and resources monitoring should highlight that the server is doing something it shouldn't.

      1. Anonymous Coward

        Re: Perfect weapon

        @Alister

        "If your server is being used as part of a DDoS attack and you don't know about it, then you're doing it wrong.

        The most rudimentary traffic and resources monitoring should highlight that the server is doing something it shouldn't."

        And who will monitor it? Considering a lot of small businesses don't have a single IT competent among them yet they need the site to sell. Or they have a single IT competent who is tied up doing the flood of jobs they are buried under. What tools do you suggest as a lot of uni graduates are not really taught to do it.

        Obviously you are not talking of resource monitors on the server itself as a compromised server will lie.

  5. Anonymous Coward

    The fun has just begun

    Now the crims will end up in prison for the next 5 years. We'll see how they like the iron bar hotel.

    1. Shades

      Re: The fun has just begun

      You're still here then I see, Morris! You really should learn some new phrases!

  6. Andrew 99

    word press admin

    So as an admin of a small wordpress site, how would I know if my site has been compromised?

    I've bought space from a hosting company, I don't have access to network traffic monitoring tools. Any suggestions?

    1. Alister

      Re: word press admin

      >So as an admin of a small wordpress site, how would I know if my site has been compromised?

      You shouldn't - your site sits on a server provided by and administered by a hosting company, and they should have the necessary monitoring in place, and it is their responsibility, not yours.

  7. ecofeco Silver badge
    Facepalm

    Net Sol?

    Wow. Just... wow.

  8. Anonymous Coward

    Monitoring..

    Oh look.. I just googled "website monitoring service" and now have around a gazillion (mainly free) choices to monitor my website up/down time...

    If anyone needs the website address it's: www.google.com or in the UK www.google.co.uk, but if you go to google.com it is usually very clever and sends you to the country that your computer is located in, or potentially what the locale is set to.
