back to article 1&1 goes titsup, blames lengthy outage on DDoS attack

UK hosting company 1&1 went titsup late on Tuesday night and struggled to recover this morning, after claiming it had been the victim of a Distributed-Denial-of-Service (DDoS) attack. The website collapsed shortly before 10pm yesterday, and it has taken 1&1 a full 12 hours to get its service back up and running. Readers who …

Anonymous Coward

yes...

I expect three nines monthly for my .99 pounds.

3
1
Silver badge

Re: yes...

If you think that's all 1&1 do you might want to look at their website.

Last time I dealt with them, I was pricing up a "hexi-deca-core" dedicated server at something ludicrous like £1000 a month, but that was a few years ago.

Granted, they aren't the best out there, but if you can't get into the domain management interface to manage things that may be relevant to a £12k per annum server, it's a bit more serious than grandpa not being able to get on his family photos site.

0
0
Bronze badge
Joke

Re: yes...

"I expect three nines monthly for my .99 pounds."

9.99% seems about right.

2
0
Silver badge

Re: yes...

I guess a problem with hosting providers is if one single client upsets someone and suffers a DDOS in retaliation then it affects all the other tenants.

0
0
Anonymous Coward

Re: yes...

It does, but how much it affects them varies with provider.

There's a huge and legitimate market for low cost server hosting, and 1 and 1 are somewhere toward the budget end without being super duper budget.

However, assuming companies that have been around long enough that their business model is road tested, a higher monthly charge buys a higher level of service that includes both people watching the network, more network capacity to absorb this kind of thing and more sophisticated network devices to offload it without affecting everyone else.

A lower monthly charge gives more overselling of shared resources and fewer people paying attention to what's going on to quickly resolve them, so a higher chance that other peoples' dramas will cascade into yours.

0
0
Silver badge

Re: yes...

"I guess a problem with hosting providers is if one single client upsets someone and suffers a DDOS in retaliation then it affects all the other tenants."

It depends really if they've invested in the infrastructure to mitigate such things.

0
0

Maybe more than just DOS

By an amazing coincidence, I just registered a domain with 1and1... Most everything seemed to go ok, other than it taking a really long time before recognizing my new control panel login credentials.

One thing that happened which I haven't been able to replicate in another browser is that Firefox prompted me to override and allow a self-signed certificate. Would have thought they would have the expensive NSA-friendly type. So I may have been victimized by a man-in-the-middle, who knows.

0
1
Silver badge

Confirmed

My Kansas hosting is down.

Still, over the last year it's been better than Microsoft and many other Clouds/Hosting.

If it's not back soon, I'll worry. Is the UK and German hosting down too?

0
0
Anonymous Coward

> UK hosting company 1&1

1&1 are German.

For some reason all the 'external links' on their wikipedia page point to Youtube videos about century eggs :/

0
1
Silver badge

German?

Which site you get depends where you live.

They have UK hosting (but you need a UK address).

If your address is in some European countries you can only order via .com and you get US (Kansas) Hosting,

My Kansas hosting is still down via Web, but my control panel and SFTP is OK. So my content is still there. Perhaps DNS will take a while to catch up?

0
0
Anonymous Coward

Re: German?

> Which site you get depends where you live.

I have had no end of UK businesses bitching to me about poor search engine rankings and it usually turns out that 1&1 are hosting them from Germany. They are then getting spanked by Google because they are not were they purport to be.

1&1 may have sites in the UK and the US, but they are very much a German company.

0
0
Silver badge

I got an email this morning...

... from their "Head of Customer Service Web Hosting" asking if I would complete a satisfaction survey.

At least you can't accuse them of trying to game the results by selective timing...

0
0
Silver badge

Hmm..

1and1.com

1and1.co.uk

and

1und1.de

are all up though.

0
0
Silver badge

Re: Hmm..

Would make some sense. Move the company websites and DNS system to another place and split them off from the customer systems. So if the customer system goes down, the customer has a place to go and vent their frustration.

0
0
Silver badge

Nothing much to read ...

Start:

12/09/2014 4:50 PM

Estimated end:

Unknown

Last update:

12/09/2014 5:37 PM

Type:

Incident

Affected services:

Website

Description:

Some customers may currently be experiencing website issues within their 1&1 webhosting package due to DDoS attacks.

Status updates:

12/09/2014 5:37 PM

Our engineers have identified the problem and are working to resolve it as quickly as possible.

0
0

Re: Nothing much to read ...

and the UK website (http://status-1and1.co.uk/#Fault report) says:

Start:09/12/2014 9:50 PM

Probable end:Unknown

Last update:09/12/2014 10:37 PM

Event:Fault report

Affected products:Website

Description:

Some customers may currently be experiencing website issues within their 1&1 webhosting package

Updates:

09/12/2014 10:37 PM

Our engineers have identified the problem and are working to resolve it as quickly as possible.

0
0
Anonymous Coward

Not what they said to us

that's not what they said to us via email

Guess it was a standard template response....

"Thank you for contacting us.

We sincerely apologize for the inconvenience that this technical glitch has brought you. This is a bug on the system that is already known and reported to our developers. "

1
0

Not just hosting, but also DNS

I use their domain reg and DNS services and I was unable to SSH into my server last night at about 8pm via the domain name as DNS requests for my domain were returning no response. it was working OK again by 10 pm, but I guess it may have been intermittent.

0
0

So glad I dropped 1&1 last year for my hosting requirements.

I got so sick and tired of their hard sell tactics for their 'value added' services (like their website builder). Eventually jumped ship when after a particularly obnoxious sales drone called from the USA to try to sell me the services yet again, whom I politely informed that I was not interested. Anyhow, I then found on my next invoice a charge for 12 months pre-payment for the website builder. Took me a further 2 months to get all the charges reversed and them to eventually transfer my domains and close my accounts.

Now with Vidahost and have never been more satisfied with a hosting provider. (And I'm paying less for three years domain registration and hosting with them than I was paying 1&1 per quarter).

0
0

The company that asks for your password to confirm your identity when you call them up...not much faith in any of their security!

1
0

That doesn't annoy me half as much as companies who do it when they call you. Last time someone from the bank called I not only refused but asked them for the 3rd and 4th characters of my password to prove who they were. That was met by the normal "data protection" rubbish (I was giving permission therefore OK) so I told them to write to me.

3
0

apologies everyone, I had deployed a website update to my 1and1 VPS last night

my bad

0
0
Silver badge

As if!

0
0
Silver badge

Which way was that DDoS facing?

I had been receiving lots of spam and dictionary attacks from compromised 1 & 1 hosts until just recently (more than usual).

0
0
Silver badge

Toto ... we're back in Kansas

All back now.

Someone fed the Hamsters.

1
0

1&1 were absolutely terrible when we used them in 2011

We went with 1&1 back in 2011 for a dedicated Windows server - liked the ability to adjust the RAM, CPU and disk space of the hosted VM independently of one another plus their price was good. We were hosting some web based software as well as the SQL database backend - it was only for a few dozen users at the time.

Server died just before Christmas 2011 (yeah, nice!) and I spent day after Boxing Day restoring the bloody thing when it was finally accessible again. Support were an absolute joke at the time, proceeding to re-image my server the very next day, without asking me first, just after I had completed everything.

We also purchased a domain and email service for a new company starting out under our wing - after a few months they wanted to manage, and pay, for their domain, emails themselves. This took several dozen emails back and forth, involving about half a dozen 'support' staff - just to transfer the ownership and billing of an account to another person.

Moved the system to a more expensive 'fanatical' company a few days later and haven't looked back. Used other UK based companies for domains since then too.

Glad I did now.

1
0
Anonymous Coward

When chosing a host, I always ask a leading question....

Do you support SPF ?....

For this reason - and their sharing of customers' email addresses with "trusted third parties" (until the opt-out takes effect) - I will host elsewhere.

1
1

Re: When chosing a host, I always ask a leading question....

learnt the hard way on that one with 2 domains for 2 companies moving to office 365...

1
0
Silver badge

Re: When chosing a host, I always ask a leading question....

Guess this rules out google? :)

0
0
Anonymous Coward

No IDS/IPS?

Most hosting companies serious about security have a functional IDS/IPS system and GSLB (global server load balancing) to mitigate in the first instance and alleviate in the second.

0
1
Anonymous Coward

Re: No IDS/IPS?

IDS/IPS won't kill a big DDoS of the kind waged at ISPs you need expensive (e.g. Arbor) DDoS mitigation gear outside your core routers. A lot of UK ISPs see them as an extravagance and/or charge customers to be behind them rather than seeing the value add for customers and the protection they give to their gear to stop them looking like incompetent tools.

Some do, I won't list them - not least because I work for one of them (in a technical capacity not sales or anything) and people will get upset but as somebody who's worked in - and thrown criticism-based grenades at - the industry for a long time; it's something to watch out for.

0
0

Rubbish Company

Constantly blacklisted on Spamhaus, etc. Nightmare to contact. The immortal kundenserver.de almost begs to be DDOS'ed.

1
1
Silver badge

Re: Rubbish Company

Plenty are worse. You can pay more and have worse too.

It's very hard to tell.

One incident isn't the deciding factor either.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017