Thousands — possibly millions — of Go Daddy customers suffered a four-hour outage last night, during a suspected distributed denial of service attack.
The company has not yet revealed the cause of the downtime, which started at 1725 UTC last night, but it bears many of the signs of DDoS against the company’s DNS servers.
During the incident, godaddy.com was inaccessible. DI hosts with Go Daddy; domainincite.com and secureserver.net, the domain Go Daddy uses to provide its email services, were both down.
The company issued the following statement:
At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.
Several Go Daddy sites I checked remained accessible from some parts of the world initially, only to disappear later.
Others reported that they were able to load their Go Daddy webmail, but that no new emails were getting through.
This all points to a problem with Go Daddy’s DNS, rather than with its hosting infrastructure. People able to view affected sites were likely using cached copies of DNS records.
Close to 34 million domains use domaincontrol.com, Go Daddy’s primary name server, for their DNS. The company says it has over 10 million customers.
Reportedly, Go Daddy started using Verisign’s DNS for its home page during the event, which would also point to a DNS-based attack.
The outage was so widespread that the words “GoDaddy” and “DNS” quickly became trending topics on Twitter.
The web site downforeveryoneorjustme.com, which does not use Go Daddy, also went down as thousands of people rushed to check whether their web sites were affected.
Some outlets reported that Anonymous, the hacker group, had claimed credit for the attack via an anonymous (small a) Twitter account.
Companies the size of Go Daddy experience DDoS attacks on a daily basis, and they build their infrastructure with sufficient safeguards and redundancies to handle the extra traffic.
This leads me to believe that either yesterday’s attack was either especially enormous, or that somebody screwed up.
The fact that the company has not yet confirmed that external malicious forces were at work is worrying.
Either way it’s embarrassing for Go Daddy, which is applying for three new gTLDs which it plans to self-host.
Several reports have already speculated that the attack could be revenge for one or more of Go Daddy’s recent PR screw-ups.
The company has promised an update later today.