Thousands — possibly millions — of Go Daddy customers suffered a four-hour outage last night, during a suspected distributed denial of service attack.
The company has not yet revealed the cause of the downtime, which started at 1725 UTC last night, but it bears many of the signs of a DDoS against the company’s DNS servers.
During the incident, godaddy.com was inaccessible. DI hosts with Go Daddy; domainincite.com and secureserver.net, the domain Go Daddy uses to provide its email services, were both down.
The company issued the following statement:
At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.
Several Go Daddy sites I checked remained accessible from some parts of the world initially, only to disappear later.
Others reported that they were able to load their Go Daddy webmail, but that no new emails were getting through.
This all points to a problem with Go Daddy’s DNS, rather than with its hosting infrastructure. People able to view affected sites were likely using cached copies of DNS records.
Close to 34 million domains use domaincontrol.com, Go Daddy’s primary name server, for their DNS. The company says it has over 10 million customers.
Reportedly, Go Daddy started using Verisign’s DNS for its home page during the event, which would also point to a DNS-based attack.
The outage was so widespread that the words “GoDaddy” and “DNS” quickly became trending topics on Twitter.
The web site downforeveryoneorjustme.com, which does not use Go Daddy, also went down as thousands of people rushed to check whether their web sites were affected.
Some outlets reported that Anonymous, the hacker group, had claimed credit for the attack via an anonymous (small a) Twitter account.
Companies the size of Go Daddy experience DDoS attacks on a daily basis, and they build their infrastructure with sufficient safeguards and redundancies to handle the extra traffic.
This leads me to believe that either yesterday’s attack was especially enormous, or that somebody screwed up.
The fact that the company has not yet confirmed that external malicious forces were at work is worrying.
Either way it’s embarrassing for Go Daddy, which is applying for three new gTLDs which it plans to self-host.
Several reports have already speculated that the attack could be revenge for one or more of Go Daddy’s recent PR screw-ups.
The company has promised an update later today.
Architelos, having consulted on about 50 new gTLD applications, has refocused on its longer-term software-based game plan with the recent launch of a new anti-abuse tool for registries.
NameSentry is a software-as-a-service offering, currently being trialed by an undisclosed number of potential customers, designed to make it easier to track abusive domains.
Architelos gave us a demo of the web site yesterday.
The service integrates real-time data feeds from up to nine third-party blocklists – such as SURBL and Spamhaus – into one interface, enabling users to see how many domains in their TLD are flagged as abusive.
Users can then drill down to see why each domain has been flagged – whether it’s spamming, phishing, hosting malware, etc – and, with built-in Whois, which registrar is responsible for it.
There’s also the ability to generate custom abuse reports on the fly and to automate the sending of takedown notices to registrars.
CEO Alexa Raad and CTO Michael Young said the service can help streamline the abuse management workflow at TLD registries.
Currently, Architelos is targeting mainly ccTLDs – there are more of them – but before too long it expects to start signing new gTLD registries as they start coming online.
With many new gTLD applicants promising cleaner-than-clean zones, and with governments leaning on their ccTLDs in some countries, there could be some demand for services such as this.
NameSentry is priced on a subscription basis, based on the size of the TLD zone.
ICANN has brought its new gTLD program customer service portal back online after about five days of patching-related downtime.
A recent, proactive review of the CSC system identified potential vulnerabilities. To address these vulnerabilities, the CSC portal was taken offline while vendor-provided patches were applied. There have been no known compromises to any data.
New gTLD applicants will now have to log in to their TLD Application System accounts, which use the Citrix remote terminal software, to use their customer service tools.
Non-applicants will be able to ask customer service questions via email.
The Knowledge Base — essentially a program FAQ — is still offline, but ICANN said it hopes to bring it back up within a few days.
ICANN has temporarily blocked access to its newly revealed new gTLD applications after accidentally publishing the home addresses of many applicants.
Some applicants noticed today that the personal contact information of their named primary and secondary contacts had been published during yesterday’s Big Reveal.
In many cases this included these employees’ home addresses, despite the fact that the Applicant Guidebook specifically states that this information would not be published.
After being notified of the snafu by DI, ICANN confirmed that the addresses were published by mistake.
It’s taken down all the applications and will republish them later with the private data removed.
“This was an oversight and the files have been pulled down,” ICANN’s manager of gTLD communications Michele Jourdan said. “We are working on bringing them back up again without this information.”
It’s another big data leakage embarrassment for ICANN, following the recent outage caused by the TLD Application System bug.
It’s not likely to win ICANN any friends in the dot-brand community, where ICANN’s demands for background information on applicants’ directors caused huge procedural problems for many companies.
For applicants for controversial gTLDs, the revelation of this private data may carry its own set of risks.
Customers of major UK domain registrar 123-reg suffered a couple of hours of downtime this afternoon due to an apparently “massive” denial of service attack.
The attack targeted its DNS servers and originated in China, according to a report in The Register.
Users reported sites offline or with spotty availability, but the company managed to mitigate the effects of the attack fairly quickly. It’s now reporting mostly normal service.
123-reg, part of the Host Europe Group, has hundreds of thousands of domains under management in the gTLD space alone.