GoDaddy taken down by Hackers... Milions without service

reply to post by wash777

because GoDaddy is the registrar and/or webhost of the most domains in the USA, and it happened on the eve of the 11 years anniversary of 9/11 i can't help but suspect this is some level of cyber "false flag"r practice thereof of taking down sites when the needs of our lovely democracy arises in addition to kill-switch all internet providers at the touch of a button.

t 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support. Click to this close message.

how can their servers have been compromised but yet they're sure content was not? encryption, cant it liewise be hacked/decoded?

What are the chances that this is just an enormous screwup of GoDaddy, and there has been no attack?

The reason I think this may be possible:

1. I have heard from a friend that there have been a ton of stupid problems at GoDaddy this year, with e-mail going down for long periods of time, security certificates being inserted for the wrong clients, web sites being deleted or blocked for no reason. So it sounds like GoDaddy has some existing operational issues or general incompetence independent of this alleged attack.

2. It seems to me unlikely that GoDaddy wouldn't be able to fend off a DOS attack from ONE SINGLE INDIVIDUAL no matter how clever that person was. Consider -- GoDaddy is a major ISP and they should be able to quickly detect and block an attack coming from a few 1000 sources (perhaps not the million sources that an organization like Anonymous could mount against a site, but nobody is actually claiming that happened!) I note that Amazon successfully deflected a full-on attack by Anonymous earlier this year, and they are just a commercial site.

3. We haven't heard anything related to the nature of the attack, how it was implemented, whether there were any bots involved. Maybe that data will be forthcoming, but it seems strange to me that they haven't revealed any hard data on the nature of the attack.

HERE IS MY POINT: Is it possible that some incompetent GoDaddy administrator deleted the DNS data (or something similar) and GoDaddy is calling it an attack when its not? Just to cover themselves? The guy who claims credit for this attack may be lying. Or it maybe someone within GoDaddy posted that tweet. Is that impossible to believe?

This is all speculation on my part -- the fog of war, etc. But some of this doesn't add up to me. Maybe GoDaddy should quit indulging themselves in hunting big game, and first focus a little on the well-being of their customers. Even if this was an attack, as claimed, they have certainly revealed themselves to lack a certain prowess in running their business.

Even if this was a legitimate attack -- you can blame the arsonist, for sure, but you can also blame the building owners for not having adequate fire protection, sprinklers, fire doors, etc. IMO think that the GoDaddy customers (here and other places) have a good reason to be angry.

Very disappointing stuff.

GoDaddy was not "hacked". It was a DNS attack. For those that do not know. DNS is like a door and a DNS attack is quite literally several thousand (or however are needed) requests being sent at once, that pretty much any block everything.
Kind of like when there is a small door and 20 fat people trying to get through all at once.

Second of all shame on those of you who support a business who, support censorship of the internet.
www.youtube.com...

Originally posted by Fleshgod
GoDaddy was not "hacked". It was a DNS attack. For those that do not know. DNS is like a door and a DNS attack is quite literally several thousand (or however are needed) requests being sent at once, that pretty much any block everything.
Kind of like when there is a small door and 20 fat people trying to get through all at once.

Second of all shame on those of you who support a business who, support censorship of the internet.
www.youtube.com...

That´s not describing a DNS attack, that´s a DDoS (Distributed Denial of Service) attack. A DNS attack generally deletes or modifies the DNS entries for a host, either making it unreachable or redirecting traffic to another (fake) site.

Edit: By the way, I hope the problem gets resolved quickly (if it isn´t fixed yet) and that your online stores and what not will work again. I do not believe Anonymous is responsible here. Typical false flag operation, if there ever was one.

godaddy seemed to have had problems with it's US DNS. DNS is being handled by verisign now. Wondering if hardware or a employee killed their DNS system.

Ran across this bit of opinion....might be part of the situation.

GoDaddy's New "Selective DNS Blackouts" Policy
By R. Scott Perry on September 1, 2011

Since the beginning of the Internet, DNS (the protocol that converts domain names into IP addresses) has always been a sacred service. It is low cost, and mission critical. Blocking any DNS packets was always used as a last resort, only after all other options were exhausted, for fear of the consequences of what might happen. When you block DNS, you effectively block the web, E-mail, FTP, IM... just about everything.

Now that GoDaddy is a near monopoly (larger than the next 8 closest registrar competitors combined1), and just got bought out on July 1, 20112, they have decided they can defy the sacred. Customers be damned.

Less than a month after the new owners came on board, GoDaddy implemented a "Selective DNS Blackout" policy for all domains using their DNS hosting (roughly 32 million domains3). With this policy, they are choosing to allow their DNS servers to be underprovisioned4 (meaning that their servers are unable to gracefully handle their normal load). To prevent slow DNS, which would generate complaints quickly, they decided to block 100% of packets from hand-picked DNS servers based on volume and visibility. This reduces load somewhat, while making it difficult for customers to pinpoint GoDaddy as the problem.

A GoDaddy employee (who prefers to remain anonymous) confirmed that they have a policy in place to block DNS queries5, but their Advanced Technical Support Team refused to provide any details on the policy. The GoDaddy PR department declined to comment, but did not deny that the policy exists (they went silent after saying they would be happy to look into it). Perhaps the PR department realized that it will be a very controversial policy.
...
What seems more likely is that the new owners of GoDaddy are trying to improve on the "Premium DNS" service, which appears to have been a failure. The Premium DNS service started around January, 2011. However, it appears not to be meeting their sales goals (99% of domains using GoDaddy DNS hosting are still using the free service7).

More at Link

The service outage that hit the GoDaddy.com site was caused by an internal network problem, the company said Tuesday. The GoDaddy site suffered outages Monday which were originally reported as the result of a hacking attack. "It was not a 'hack' and it was not a denial of service attack," the company said. Instead, GoDaddy said the outage was "due to a series of internal network events that corrupted router data tablets."

www.marketwatch.com...


seems it was nothing to do with hackers or any attack.

all the whingers giving about the hackers can shut up now and just accept GoDaddy is sh1t.

Originally posted by lacrimaererum

The service outage that hit the GoDaddy.com site was caused by an internal network problem, the company said Tuesday. The GoDaddy site suffered outages Monday which were originally reported as the result of a hacking attack. "It was not a 'hack' and it was not a denial of service attack," the company said. Instead, GoDaddy said the outage was "due to a series of internal network events that corrupted router data tablets."

www.marketwatch.com...


seems it was nothing to do with hackers or any attack.

all the whingers giving about the hackers can shut up now and just accept GoDaddy is sh1t.

Wouldnt it make sense for GoDaddy to say that for damage control purposes?? I think its better to suggest it was an internal issue instead of admitting that we were taken down by a hacker... just a thought

8 minutes ago on his twitter page, the alleged hacker wrote this

Anonymous Own3r‏@AnonymousOwn3r
I think i will have to bring down www.godaddy.com... again, so this way they would admit instead of hiding the attack.

GD is probably using the old business practice of making money but not investing in infrastructure to support growth.

reply to post by jhn7537


yea, that makes perfect business sense.


ffs

reply to post by jhn7537


Guess he'll have to do it again then. Otherwise, case closed.

Godaddy customers, beware.

As a network engineer I am going with the corrupted router tables vs. hackers -- less glamorous - more realistic. When you hear hoof beats behind you - don't expect to see a Zebra.

Originally posted by SunnyDee
reply to post by jhn7537

 

Guess he'll have to do it again then. Otherwise, case closed.

Godaddy customers, beware.

I guess he already did something today (within the last hour), not as severe as yesterdays hack, but he posted a twitterpic of a screen shot of him hacking their page...

Anonymous Own3r‏@AnonymousOwn3r
@godaddy haha migre.me... how does you feel? Oops! An unexpected error has occurred. Hackedby Own3r twitpic.com...

I think this AnonymousOwn3r is the real deal.. He just posted to his twitter account that he found 51 vulnerablities in the GoDaddy.com website... Below was his attachment... Any IT minds in here understand what this is?

Its not letting me post the link???

Anonymous Own3r‏@AnonymousOwn3r
I just found 51 vulnerabilities in www.godaddy.com... website http:///EdCDaqQy

That gives an error because of the html tags in the query string. Remove them and it works. (end with 410)

The URL does a redirect to GD with the bad query string.

migre.me
Attempting to connect to '200.98.131.46' on port '80'...OK.
Sending HTTP request...
GET /aEUrH HTTP/1.1

OK.
Reading response...
Closing socket...

HTTP/1.1 301 Moved Permanently
Date: Tue, 11 Sep 2012 18:50:55 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.17
Location: www.godaddy.com... newscenter/release-view.aspx?news_item_id=410%3E%3Ch1%3Ehacked%20by%20Own3r%3C/h1%3E
Connection: close
Content-Length: 0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8

So gd just doesn't check the query very well but anyone can get this effect.

From 1 minute ago

Anonymous Own3r‏@AnonymousOwn3r
Now yes I broke into the security of one of godaddy servers! just expect!


Anonymous Own3r‏@AnonymousOwn3r
Anonymous Message: GoDaddy http:///38WAhT0x


Go to his twitter page and read the letter he wrote to godaddy

twitter.com...

Anonymous Message: GoDaddy

-------------->Follow @AnonOpsLegion / @AnonymousOwn3r on Twitter

GoDaddy's name and idiotic ad campaigns should be enough to deter any self respecting business. Who is their target audience,Indycar fans and people who find Danica Patrick hot?

I guessing most people using GD here overlooked the trashy ads and stupid name, focusing on technical advantages like seamless cart features etc. I have to ask these people if any alarm bells rang at all when you saw their tacky, trashy sales pitch? Or did some people never see their ads?

Was anyone here completely sold, hook line and sinker on their ads, thinking "these are the hands I want to entrust my life's labour, my income, the bread on my family table to"?

reply to post by blah yada

I tend to agree with your ad stance. It seemed like once GD got a certain number of domains, the low pricing helped, they changed. Guess that is what success can do.