What the hell happened to Go Daddy last night?
Thousands — possibly millions — of Go Daddy customers suffered a four-hour outage last night, during a suspected distributed denial of service attack.
The company has not yet revealed the cause of the downtime, which started at 1725 UTC last night, but it bears many of the signs of DDoS against the company’s DNS servers.
During the incident, godaddy.com was inaccessible. DI hosts with Go Daddy; domainincite.com and secureserver.net, the domain Go Daddy uses to provide its email services, were both down.
The company issued the following statement:
At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.
Several Go Daddy sites I checked remained accessible from some parts of the world initially, only to disappear later.
Others reported that they were able to load their Go Daddy webmail, but that no new emails were getting through.
This all points to a problem with Go Daddy’s DNS, rather than with its hosting infrastructure. People able to view affected sites were likely using cached copies of DNS records.
Close to 34 million domains use domaincontrol.com, Go Daddy’s primary name server, for their DNS. The company says it has over 10 million customers.
Reportedly, Go Daddy started using Verisign’s DNS for its home page during the event, which would also point to a DNS-based attack.
The outage was so widespread that the words “GoDaddy” and “DNS” quickly became trending topics on Twitter.
The web site downforeveryoneorjustme.com, which does not use Go Daddy, also went down as thousands of people rushed to check whether their web sites were affected.
Some outlets reported that Anonymous, the hacker group, had claimed credit for the attack via an anonymous (small a) Twitter account.
Companies the size of Go Daddy experience DDoS attacks on a daily basis, and they build their infrastructure with sufficient safeguards and redundancies to handle the extra traffic.
This leads me to believe that either yesterday’s attack was either especially enormous, or that somebody screwed up.
The fact that the company has not yet confirmed that external malicious forces were at work is worrying.
Either way it’s embarrassing for Go Daddy, which is applying for three new gTLDs which it plans to self-host.
Several reports have already speculated that the attack could be revenge for one or more of Go Daddy’s recent PR screw-ups.
The company has promised an update later today.
At least, it will probably won’t happen twice. I’ll stick to them.
Me too. First problem I have ever had with Godaddy in the 3 years I have been with them. And I have about 30 websites hosted with Godaddy.
it was an hacktivist according to http://www.gulli.com/news/19676-hacktivisten-legen-domain-registrar-godaddy-lahm-2012-09-11
GoDaddy are shocking as a registrar though. I’ve worked closely with them in the past three years on behalf of my clients and they’re always let me and my clients down.
You’re better off going somewhere else, at very least, somewhere that killing elephants is frowned apon and just doesn’t happen.
http://www.domainmonster.com, best registrar for non-corporate domains!
Agreed regarding elephant hunting but Bob is not in place anymore right?
GoDaddy “always let me and my clients down” ? Then
why have you been working with them “closely” for
the past 3 years?
If your going to spam another registry, at least tell us about the problems you had with GoDaddy.
And disclose any connection you have with them. Perhaps explain why they’re so great.
I did not see a dip in traffic, although most of the sites I have are hosted elsewhere, the nameservers still are w/godaddy…interesting to see if their is a delayed cache problem today.