back to article 1&1 goes titsup, blames lengthy outage on DDoS attack

UK hosting company 1&1 went titsup late on Tuesday night and struggled to recover this morning, after claiming it had been the victim of a Distributed-Denial-of-Service (DDoS) attack. The website collapsed shortly before 10pm yesterday, and it has taken 1&1 a full 12 hours to get its service back up and running. Readers who …

  1. Anonymous Coward
    Anonymous Coward

    yes...

    I expect three nines monthly for my .99 pounds.

    1. Lee D Silver badge

      Re: yes...

      If you think that's all 1&1 do you might want to look at their website.

      Last time I dealt with them, I was pricing up a "hexi-deca-core" dedicated server at something ludicrous like £1000 a month, but that was a few years ago.

      Granted, they aren't the best out there, but if you can't get into the domain management interface to manage things that may be relevant to a £12k per annum server, it's a bit more serious than grandpa not being able to get on his family photos site.

      1. werdsmith Silver badge

        Re: yes...

        I guess a problem with hosting providers is if one single client upsets someone and suffers a DDOS in retaliation then it affects all the other tenants.

        1. Anonymous Coward
          Anonymous Coward

          Re: yes...

          It does, but how much it affects them varies with provider.

          There's a huge and legitimate market for low cost server hosting, and 1 and 1 are somewhere toward the budget end without being super duper budget.

          However, assuming companies that have been around long enough that their business model is road tested, a higher monthly charge buys a higher level of service that includes both people watching the network, more network capacity to absorb this kind of thing and more sophisticated network devices to offload it without affecting everyone else.

          A lower monthly charge gives more overselling of shared resources and fewer people paying attention to what's going on to quickly resolve them, so a higher chance that other peoples' dramas will cascade into yours.

        2. Roj Blake Silver badge

          Re: yes...

          "I guess a problem with hosting providers is if one single client upsets someone and suffers a DDOS in retaliation then it affects all the other tenants."

          It depends really if they've invested in the infrastructure to mitigate such things.

    2. Snorlax Silver badge
      Joke

      Re: yes...

      "I expect three nines monthly for my .99 pounds."

      9.99% seems about right.

  2. AustinTX

    Maybe more than just DOS

    By an amazing coincidence, I just registered a domain with 1and1... Most everything seemed to go ok, other than it taking a really long time before recognizing my new control panel login credentials.

    One thing that happened which I haven't been able to replicate in another browser is that Firefox prompted me to override and allow a self-signed certificate. Would have thought they would have the expensive NSA-friendly type. So I may have been victimized by a man-in-the-middle, who knows.

  3. Mage Silver badge

    Confirmed

    My Kansas hosting is down.

    Still, over the last year it's been better than Microsoft and many other Clouds/Hosting.

    If it's not back soon, I'll worry. Is the UK and German hosting down too?

  4. Anonymous Coward
    Anonymous Coward

    > UK hosting company 1&1

    1&1 are German.

    For some reason all the 'external links' on their wikipedia page point to Youtube videos about century eggs :/

    1. Mage Silver badge

      German?

      Which site you get depends where you live.

      They have UK hosting (but you need a UK address).

      If your address is in some European countries you can only order via .com and you get US (Kansas) Hosting,

      My Kansas hosting is still down via Web, but my control panel and SFTP is OK. So my content is still there. Perhaps DNS will take a while to catch up?

      1. Anonymous Coward
        Anonymous Coward

        Re: German?

        > Which site you get depends where you live.

        I have had no end of UK businesses bitching to me about poor search engine rankings and it usually turns out that 1&1 are hosting them from Germany. They are then getting spanked by Google because they are not were they purport to be.

        1&1 may have sites in the UK and the US, but they are very much a German company.

  5. Warm Braw

    I got an email this morning...

    ... from their "Head of Customer Service Web Hosting" asking if I would complete a satisfaction survey.

    At least you can't accuse them of trying to game the results by selective timing...

  6. Mage Silver badge

    Hmm..

    1and1.com

    1and1.co.uk

    and

    1und1.de

    are all up though.

    1. wolfetone Silver badge

      Re: Hmm..

      Would make some sense. Move the company websites and DNS system to another place and split them off from the customer systems. So if the customer system goes down, the customer has a place to go and vent their frustration.

  7. Mage Silver badge

    Nothing much to read ...

    Start:

    12/09/2014 4:50 PM

    Estimated end:

    Unknown

    Last update:

    12/09/2014 5:37 PM

    Type:

    Incident

    Affected services:

    Website

    Description:

    Some customers may currently be experiencing website issues within their 1&1 webhosting package due to DDoS attacks.

    Status updates:

    12/09/2014 5:37 PM

    Our engineers have identified the problem and are working to resolve it as quickly as possible.

    1. Timbo

      Re: Nothing much to read ...

      and the UK website (http://status-1and1.co.uk/#Fault report) says:

      Start:09/12/2014 9:50 PM

      Probable end:Unknown

      Last update:09/12/2014 10:37 PM

      Event:Fault report

      Affected products:Website

      Description:

      Some customers may currently be experiencing website issues within their 1&1 webhosting package

      Updates:

      09/12/2014 10:37 PM

      Our engineers have identified the problem and are working to resolve it as quickly as possible.

  8. Anonymous Coward
    Anonymous Coward

    Not what they said to us

    that's not what they said to us via email

    Guess it was a standard template response....

    "Thank you for contacting us.

    We sincerely apologize for the inconvenience that this technical glitch has brought you. This is a bug on the system that is already known and reported to our developers. "

  9. Craig Chambers

    Not just hosting, but also DNS

    I use their domain reg and DNS services and I was unable to SSH into my server last night at about 8pm via the domain name as DNS requests for my domain were returning no response. it was working OK again by 10 pm, but I guess it may have been intermittent.

  10. Stumpy

    So glad I dropped 1&1 last year for my hosting requirements.

    I got so sick and tired of their hard sell tactics for their 'value added' services (like their website builder). Eventually jumped ship when after a particularly obnoxious sales drone called from the USA to try to sell me the services yet again, whom I politely informed that I was not interested. Anyhow, I then found on my next invoice a charge for 12 months pre-payment for the website builder. Took me a further 2 months to get all the charges reversed and them to eventually transfer my domains and close my accounts.

    Now with Vidahost and have never been more satisfied with a hosting provider. (And I'm paying less for three years domain registration and hosting with them than I was paying 1&1 per quarter).

  11. bigtimehustler

    The company that asks for your password to confirm your identity when you call them up...not much faith in any of their security!

    1. Splatcat

      That doesn't annoy me half as much as companies who do it when they call you. Last time someone from the bank called I not only refused but asked them for the 3rd and 4th characters of my password to prove who they were. That was met by the normal "data protection" rubbish (I was giving permission therefore OK) so I told them to write to me.

  12. Darren B

    apologies everyone, I had deployed a website update to my 1and1 VPS last night

    my bad

    1. Destroy All Monsters Silver badge
  13. Kevin McMurtrie Silver badge

    Which way was that DDoS facing?

    I had been receiving lots of spam and dictionary attacks from compromised 1 & 1 hosts until just recently (more than usual).

  14. Mage Silver badge

    Toto ... we're back in Kansas

    All back now.

    Someone fed the Hamsters.

  15. Thorny

    1&1 were absolutely terrible when we used them in 2011

    We went with 1&1 back in 2011 for a dedicated Windows server - liked the ability to adjust the RAM, CPU and disk space of the hosted VM independently of one another plus their price was good. We were hosting some web based software as well as the SQL database backend - it was only for a few dozen users at the time.

    Server died just before Christmas 2011 (yeah, nice!) and I spent day after Boxing Day restoring the bloody thing when it was finally accessible again. Support were an absolute joke at the time, proceeding to re-image my server the very next day, without asking me first, just after I had completed everything.

    We also purchased a domain and email service for a new company starting out under our wing - after a few months they wanted to manage, and pay, for their domain, emails themselves. This took several dozen emails back and forth, involving about half a dozen 'support' staff - just to transfer the ownership and billing of an account to another person.

    Moved the system to a more expensive 'fanatical' company a few days later and haven't looked back. Used other UK based companies for domains since then too.

    Glad I did now.

  16. Anonymous Coward
    Anonymous Coward

    When chosing a host, I always ask a leading question....

    Do you support SPF ?....

    For this reason - and their sharing of customers' email addresses with "trusted third parties" (until the opt-out takes effect) - I will host elsewhere.

    1. ncardwell

      Re: When chosing a host, I always ask a leading question....

      learnt the hard way on that one with 2 domains for 2 companies moving to office 365...

    2. streaky

      Re: When chosing a host, I always ask a leading question....

      Guess this rules out google? :)

  17. Anonymous Coward
    Anonymous Coward

    No IDS/IPS?

    Most hosting companies serious about security have a functional IDS/IPS system and GSLB (global server load balancing) to mitigate in the first instance and alleviate in the second.

    1. Anonymous Coward
      Anonymous Coward

      Re: No IDS/IPS?

      IDS/IPS won't kill a big DDoS of the kind waged at ISPs you need expensive (e.g. Arbor) DDoS mitigation gear outside your core routers. A lot of UK ISPs see them as an extravagance and/or charge customers to be behind them rather than seeing the value add for customers and the protection they give to their gear to stop them looking like incompetent tools.

      Some do, I won't list them - not least because I work for one of them (in a technical capacity not sales or anything) and people will get upset but as somebody who's worked in - and thrown criticism-based grenades at - the industry for a long time; it's something to watch out for.

  18. polandro

    Rubbish Company

    Constantly blacklisted on Spamhaus, etc. Nightmare to contact. The immortal kundenserver.de almost begs to be DDOS'ed.

    1. Mage Silver badge

      Re: Rubbish Company

      Plenty are worse. You can pay more and have worse too.

      It's very hard to tell.

      One incident isn't the deciding factor either.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like