digg

Facebook Connect Join Digg About
See the original image at blogs.zdnet.com

Web host GoDaddy hit by a DDoS attack

blogs.zdnet.com Domain name registrar and web hosting provider GoDaddy.com, was hit by a DDoS attack on Wednesday affecting thousands of its shared hosting customers for several hours. GoDaddy’s Communications Manager Nick Fuller confirmed the attack originally speculated to be an “outage”, and responded to several questions about it.

Who dugg this? Made popular Jan 18, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

128 Comments

show profanity settings
expand all
  • coheedcollapse, on 01/18/2009, -10/+126Good. Those guys are shady. Never trust a domain seller that also runs a domain name auction site. I went with namecheap, and while they don't often have the mindblowing introductory deals like GoDaddy, I feel safe having my name there.
  • newms32, on 01/18/2009, -14/+115Is GoDaddy the company that preemptively auto-registers the domain name for a few months when you search to see if it's available? I know one of the registrars was doing that. If so then ***** them.
  • defconoi, on 01/18/2009, -5/+91Educate yourselves about Godaddy's evilness, ***** them, here is 5 reasons they suck... look below for more
    1. Their shared Web hosting service is cheap — perhaps too cheap. Their technical support people are utterly clueless and unable to assist with the most basic of issues, and throw something more complex at them, and they break out the “we’re sorry you didn’t like our service” form letter.
    2. GoDaddy’s shared Web hosting uses a reverse proxy/HTTP accelerator which mangles HTTP headers, making all but the simplest Web applications difficult or impossible to run. GoDaddy refuses to fix this.
    3. GoDaddy doesn’t run a proper whois server. It directs people to visit a Web site, instead of returning the proper whois information.
    4. Update: GoDaddy customer service representatives troll blogs and make the company look bad.
    5. Update: GoDaddy network admins will wipe your virtual dedicated server account if it gets hacked, before you have a chance to take a backup or attempt to salvage any data from it.
    6. Update: GoDaddy hosting gets hacked and the company covers it up.

    http://letmegooglethatforyou.com/?q=godaddy+sucks
  • defconoi, on 01/18/2009, -1/+81http://nodaddy.com/
    GoDaddy suspends accounts without due cause. They often even levy an arbitrary "fines" and hold your domain name ransom until you pay it. GoDaddy stores your credit card number when you make a purchase, allowing them to levy "fines" without your consent (example1, example2, example3).

    For example, when Nick Berlette exposed a serious security hole in the website of DynaDot.Com, they apparently responded by persuading GoDaddy to shut down his blog rather than fixing their pathetic security [agiorlando.com]. GoDaddy of course complied immediately, and sent him this shutdown notice. Note that GoDaddy used the ransom approach here, saying he had two options: Pay a "$199 non-refundable reactivation fee" and GD will put his web site back up, or "if you choose to transfer the berlettefx.com domain name to another registrar, we first require that you pay a $75 administration fee ... to cover the costs of responding to or "cleaning up" the situation caused by your web site.

    The author of this web page had a similar experience.

    GoDaddy loses customer domains. Tim Ziegler learned this the hard way. He founded the site FamilyAlbum.com. Someone filed a complaint that his whois data was invalid. GoDaddy responded by sending him an email asking him to confirm or correct his whois registration data. When he didn't respond in time, GoDaddy took the extraordinary step of deleting the domain name he had paid for and selling it to someone (possibly the same guy who filed the whois complaint) who had already placed a backorder on FamilyAlbum.Com. GoDaddy refused to return the domain name to its rightful owner. There is a good writeup at Domain Name Wire, along with a GoDaddy response where they disclaim responsibility. DomainNameWire also asked other registrars what they would have done. None of them had the GoDaddy policy of "send an email then delete the domain if no response comes in time". If you hold domains at GoDaddy, you better not go on any extended vacations, suffer hospitalization, or use a spam filter which might drop that critical email!

    GoDaddy uses dirty tricks to block domain name transfers. If you make the mistake of becoming a GoDaddy customer, you may find it difficult to leave. ICANN is supposed to regulate registrars to ensure competition, but GoDaddy is constantly pushing the boundaries. For example, this section just discussed how GoDaddy may delete your domain if you don't keep your whois information up-to-date. But whenever you update the information, a checkbox pops up saying "For security purposes I authorize the rejection of all transfer requests for all selected domain names for a period of 60 days...". If you don't check that box, GoDaddy won't let you update your contact information. And if you do check the box, GoDaddy refuses to let you transfer the domain because they claim you "expressly and voluntarily objected through opt-in means" to the transfer. There is a thread about this on NoDaddy forums. GoDaddy imposes the 60-day transfer embargo in other cases too, such as when you transfer a domain name between accounts. If they make you wait long enough, you may have to renew the domain name so it doesn't expire. Renewals cause another 60-day transfer embargo.

    GoDaddy knows they are violating ICANN rules with the whois-change-embargo, and will back down if they believe you will file an ICANN complaint. Detailed instructions for what to say have been posted at the forums.

    GoDaddy charges extra for a privacy service, then gives up your contact information to anyone who threatens to sue. In News.Com's Private domains not so private?, Alan Cordle pays extra for GoDaddy's privacy service on his poetry contest review site (Foetry.Com), then is outed by GoDaddy at the first sign of trouble.

    Want to read more horror stories or post one of your own? Check out the NoDaddy forums!

    Here is an example of ddos with ping
    Go to Run
    type in cmd
    type in
    ping 192.168.0.1 -l 65500 -n 1000
    replace that ip with any, even godaddy's if u hate them too heh
  • syndustry, on 01/18/2009, -1/+69DDOS Distributed Denial of Service
    ...Distributed

    a bunch of different computers hogging the servers bandwidth until it can't handle the load and fails....usually part of a botnet...

    so no...that wouldn't work


  • duggdowncatisad, on 01/18/2009, -1/+60That silly ebaums, there they go again.
  • inactive, on 01/18/2009, -1/+53Look at this dude (GD CEO) and tell me he isn't a douche:
    http://blog.wired.com/photos/uncategorized/2007/05 ...

    Yes, that's a diamond stud in his ear the size of a pea.
  • inactive, on 01/18/2009, -4/+44GoDaddy, karma much? parasites, one in the teeth for you: WIN.
  • inactive, on 01/18/2009, -1/+31GoDaddy will officially announce the DDoS attack later today with the presence of scantily clad women in a photo shoot.
  • walkingbullseye, on 01/18/2009, -3/+32I believe it was Network Solutions that was doing the auto-registering for domains that you search for on their site.
    I have not had a single problem with customer service. I have had 2 issues logging into my account and both were fixed within 10 mins on the phone by a real person. I even get phone calls from them just asking if everything is ok.
  • Dronez, on 01/18/2009, -0/+25Hey douche bag, the guy asked an honest question, you don't have to act like a smug ***** about it.
  • stanzerv, on 01/18/2009, -5/+29I think this attack is done by some of the unsatisfied customer. I used to buy domain from GoDaddy, however GoDaddy doesnt accept Malaysia customer and my domain was rejected and never get the money back. What a shame for GoDaddy!
  • Mujokan, on 01/18/2009, -1/+21There is that massive Downadup botnet out there right now. F-Secure is estimating 9 million infected boxes over just a few days. http://www.f-secure.com/weblog/
  • Spanq, on 01/18/2009, -1/+20Except for the part where it sucks.
  • TwoDotOh, on 01/18/2009, -1/+19When a friend of mine worked at GoDaddy, DDoS attacks were frequent. In the six months he was employed there, there were five or six attacks. He was never allowed to tell customers this, of course, which proved very frustrating when I was dealing with customers. When he was dealing with customers.
  • inactive, on 01/18/2009, -1/+18Wow, with so much dedication into it, can you name your web hosting company so I can be sure to never do business with you?
  • RetepNamenots, on 01/18/2009, -1/+18There is a reply button..
  • audiodrumm, on 01/18/2009, -0/+16Why is rnawky's comment being buried? It's a legitimate question. The more you know....
  • Charklii, on 01/18/2009, -0/+16Namecheap, is by far my favourite registrar.. everything has been a positive experience.. I was reccomended them by a fellow digger too.. and so time to pass on the favour... Any digger looking to buy domains, seriously consider NameCheap :) It's well worth it.
  • Nimphious, on 01/18/2009, -1/+17...what?

    I'm sure if you actually knew how either a proxy, a DDoS attack, or a BotNet actually worked, you'd be kicking yourself particularly hard right now for advertising your idiocy across the internet to all the unfortunate people who are now less intelligent from reading your comment.

    Please call your ISP, and tell them you are too stupid to use the internet.
  • Hilyin, on 01/18/2009, -1/+16Wow, good info... Just transferred my 3,000 member forum domain off godaddy. PEACE!
  • Sheeplike, on 01/18/2009, -0/+13Every time I go to godaddy it feels like they are under attack. The site is slow as balls.
  • Qumahlin, on 01/18/2009, -3/+15Actually Go Daddy does do the second part he mentioned about the auction site, look up your facts you wannabe know-it-all
  • rnawky, on 01/17/2009, -25/+37I don't know much about denial of service attacks but... Can't servers just detect when the same IP address hits it over and over and then block it?
  • Qumahlin, on 01/18/2009, -0/+11which thusfar have not attacked or done anything other than communicate back to their key servers.

    I actually have a laptop next to me purposefully infected just so I can investigate the traffic. Thus far other than it's standard reach out infection routine it hasn't been commanded to do anything.
  • kingmanic, on 01/18/2009, -0/+11They utilized the botnets to do it. by flooding packets from hundreds of thousands of computers. It's difficult to detect a real packet from a pack ESPECIALLY since many of the legitimate clients also have infected machines.
  • IntruderII, on 01/18/2009, -0/+10They've reported on negative GoDaddy stories before, even during sponsorship.

    I don't see why that would change. Besides, this story likely won't become popular enough anyway.
  • gmw666, on 01/18/2009, -0/+10shameless plug is shameless
  • sickthoughts, on 01/18/2009, -14/+23Godaddy has never done that, that was NS. Please refrain from talking *****, you wannabe know-it-all.
  • Frophauser, on 01/18/2009, -2/+11GoDaddy sponsors Diggnation... What are the chances that this story will get a mention on the show?
  • sickthoughts, on 01/18/2009, -2/+11Have transferred all but 2 of my domains from Godaddy. Terrible ***** support.

    Advice - once you find a good Godaddy support person, write down their name and always specifically ask for that person. Otherwise you end up with some douche who can't read, can't write, and sure as ***** doesn't know how to fix your problem.
  • screamthenrun, on 01/18/2009, -0/+8MtheoryX
    It's not 24*.1
    It's 24* .1% = 24*.001 = .024 hrs = 1.44 min
  • addakorn, on 01/18/2009, -1/+9I have been using GoDaddy to host several sites for quite a few years. I also have a few dozen domains registered with them. Not once have I had a problem. Every time I call I am speaking to a live human in less than three minutes, and I am provided with good or better service.
  • Eminemdrdre00, on 01/18/2009, -1/+9So thats what 99.9% uptime means!
  • RobotBanana, on 01/18/2009, -0/+8@Azerael:

    Well, probably... They're in the business to make money, not to be your friend. But if the end result is that my issue gets fixed promptly and effectively, I don't care what their motivation is.
  • captainpete, on 01/18/2009, -0/+7Namecheap isn't exactly getting the best rating from the BBB
    http://www.labbb.org/BBBWeb/Forms/Business/Company ...
  • TSK05, on 01/18/2009, -1/+8Everyone fails at math except screamthenrun - 99.9% is 1.44 min of downtime per day or 45 minutes of (maximum) downtime per month.
  • Trax91, on 01/18/2009, -3/+10***** GoDaddy
  • dnb1997, on 01/18/2009, -0/+7LOIC FTW
  • eddie72, on 01/18/2009, -0/+7I can acknowledge some of your post. They held our forums for hostage, a gaming forum for the Quake series and attempted to hold our domain name hostage. We took legal action and recovered our domain name and changed our hosting. We owned our domain name already.

    And someone way above said GoDaddy wasn't shady pfft.
  • Spinfusor, on 01/18/2009, -0/+7Do a search for "DreamHost" and "outage" and you will find entries for every year since at least 2004. DreamHost also billed its customers for an extra $2.1 million (leading to overdrafted bank accounts and credit cards as well as down sites) in 2008.
  • eddie72, on 01/18/2009, -4/+10Really? They aren't? Have you ever used their services for hosting or bought a domain name off them?

    You buy a domain name off them and suddenly they say "Sorry that domain name is expired if you send us a extra payment we will resubscribe the domain name for you". They also made up their own bandwidth usage amounts to others that were hosting nothing but forums but somehow exceeded their bandwidth amounts for their plans.

    I think GoDaddy is one of the shadiest hosts/Domain Name sellers on the market. They do have great advertising though.
  • Macuyiko, on 01/18/2009, -1/+7Well said. But use another DoS method instead of the ping one :). Simple ping, udp or tcp connect attacks are a thing of the past and will require a huge amount of people to have any effect at all.

    Use a SYN flood.
  • inactive, on 01/18/2009, -1/+6Actually detecting when an IP address is making requests too often is one way to stop ddos attacks. I've successfully blocked smaller attacks this way. It gets a bit harder though with larger attacks but it's still possible to block the attack at the ISP level.
  • lukas88, on 01/18/2009, -5/+10Godaddy does other sleazy stuff like make you go through 4 or 5 "confirmation" screens when you try to purchase a service where they try and sell you addons, and the addons are auto selected so that if you don't read it carefully then you can easily buy stuff extra on accident. Also, they will sell your physical address to spam companies so prepare to get a lot of junk mail if you use them.

    On the other hand, at least they don't randomly delete your webpage *cough* easycgi *cough*
  • inactive, on 01/18/2009, -1/+6Huh, that's funny... I canceled my GoDaddy account on Tuesday. Boy, I sure like suspicious right now!
  • inactive, on 01/18/2009, -1/+5Terrible shame that such an honest and respectful company would have this happen to them...


    /s
  • MtheoryX, on 01/18/2009, -0/+4*shakes magic 8 ball*

    Outlook hazy.
  • Khraiven, on 01/18/2009, -11/+15How bout you so some real research on a company before you say they are shady. You have absolutely no evidence of them being shady, whatsoever, yet because they allow people to auction off their domains (a service people WANT), they must be shady? Right. That company wins awards left and right, and they didn't get to be the success they are by screwing people over.
  • KevenM, on 01/18/2009, -0/+4I've bought several products from them, and have never 'accidentally' purchased anything. Additionally, there IS an option for "no thanks, checkout now"
  • Fetching more discussions...
    Show 51 - 100 of 134 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.