Go Daddy largely unavailable for over 4 hours - Hacker revenge or SNAFU?

Filed Under: Denial of Service, Featured, Vulnerability

Go Daddy logoGo Daddy, the largest internet domain registrar in the world, was largely offline today for more than four hours. In addition to being the largest supplier of domains, Go Daddy also services many of those domains with DNS, email and web hosting services, all of which were sporadically available.

Immediately the rumor mill kicked into high gear and people were speculating that Anonymous must be DDoSing the internet giant. Go Daddy has been a popular target for the "99%" since they publicly announced support for the Stop Online Piracy Act (SOPA) in late 2011.

While it isn't known whether they were under attack or simply suffering from a hardware or software failure en masse, that didn't stop a Twitter account from Brazil that is loosely affiliated with Anonymous from taking credit for the outage.

As Go Daddy has slowly been coming back online it is becoming clear that the failure is in their DNS infrastructure. Unfortunately for Go Daddy customers, most of them are using Go Daddy DNS, even if they host their websites and email servers elsewhere.

According to Wired, Go Daddy has migrated its DNS records to their chief competitor, VeriSign. I am not seeing any evidence of this at the moment, but different people are experiencing different results from around the world.

Unfortunately attacks on the DNS infrastructure are nothing new. It is possible for a relatively small number of hosts to perform a DNS reflection attack against poorly configured DNS hosts.

There are ways of mitigating DNS attacks, but we are still not sure that is what occurred here. It might be a good time to review your critical infrastructure and ask your service providers what capabilities they have to ensure your business stays online if you are targeted or have equipment failures.

, , ,

You might like

6 Responses to Go Daddy largely unavailable for over 4 hours - Hacker revenge or SNAFU?

  1. Vinay · 734 days ago

    Chester - a quick nslookup on the name server records for godaddy.com shows that they are indeed using Verisign's DNS services.

  2. Xalman Xhan · 734 days ago

    Lately, it seems like there have been a number of high profile outages. Whether it is the numerous outages at Amazon AWS, Google Apps, or this recent GoDaddy outage – one trend is that these are all very large infrastructures. With size comes attention. And with that attention, one must be vigilant.

  3. @DomainIncite · 734 days ago

    Verisign is not a Go Daddy competitor.

    Verisign is the .com registry, and Go Daddy is one of its registrars.

  4. controltheweb · 734 days ago

    Anon member claimed responsibility in this tweet: https://twitter.com/AnonOpsLegion/status/24521863...

    …so saying "…people were speculating that Anonymous must be DDoSing the internet giant" seems like misreporting.

    If you wanted to go with "speculation," something such as "People speculating that the Anonymous member claiming to have taken the internet giant offline might be telling the truth" would have been accurate.

  5. @sambowne · 734 days ago

    This page checks the SOA from many resolvers and some of them are still showing Verisign:

    Global DNS Propagation Checker - http://www.whatsmydns.net/#SOA/Godaddy.com

  6. David · 734 days ago

    <flame>
    This is another good reason not to use Go Daddy. There are plenty of other companies that provide better service, some of which have customer service people who actually answer the phone. Go Daddy is the last company I would ever use to register a domain or host my web site.

    I have heard from business owners that Go Daddy is heavy-handed about confiscating domains from the businesses that registered the domains if there is any allegation of wrong-doing, without making any due diligence to substantiate the claims. How would you like your company web site taken down because a competitor thought it would be fun to tell Go Daddy that they were receiving spam from your domain?
    </flame>

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.