Godaddy DDoS Attack

Published: 2012-09-10
Last Updated: 2012-09-10 21:39:54 UTC
by Johannes Ullrich (Version: 2)
17 comment(s)

Update: GoDaddy appears to make some progress getting services back online. The web site is responding again. DNS queries appear to be still timing out and logins into the site fail. (17:30 ET)

GoDaddy is currently experiencing a massive DDoS attack. "Anonymous" was quick to claim responsibility, but at this point, there has be no confirmation from GoDaddy. GoDaddy only stated via twitter: "Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it."

The outage appears to affect the entire range of GoDaddy hosted services, including DNS, Websites and E-Mail. You may experience issues connecting to sites that use these services (for example our DShield.org domain is hosted with GoDaddy). 

 At this point, I would expect GoDaddy to keep its users up to date via it's twitter feed (http://twitter.com/GoDaddy ). I am not aware of a reachable network status page for GoDaddy.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

17 comment(s)

Comments

FYI: This also effects ALL SSL certificate verification from GoDaddy, crippling a good portion of secure web pages at this time. -Al
Why would it? One of the beauties and faults of SSL verification is that when the CRL site is unavailable, the certificate is still accepted. We've got several EV certs with them and they are all still showing a green bar.

I would have expected the green bar to go away but it hasn't.

Do you have an example? Other than www.godaddy.com, of course. :-)
Yes that is true. Unavailable results in acceptance with warnings, but if the site answers slooooooowly and fragments the answer that will fail the lookup for quite some time. It seems GoDaddy is aware of this and prioritized, shut or failed over their SSL chain accept servers. Certificates were not working a short while ago. They are now. I do get validated chains when I test a CERT with OpenSSL so apparently that is now restored at least partially.
I would hope that GoDaddy has already informed the FBI and/or other appropriate authorities.
It looks like godaddy is moving their own domain around to try and get something back up. For a while their NS record was at Verisign, now it's secureserver.net.
We have our DNS hosted at GoDaddy. It appears to be back up now.
FYI: GoDaddy's network status page is http://support.godaddy.com/system-alerts/
GoDaddy is back up and all, and thank you guys at the ISC for reporting this. In retrospect, would this have merited raising the Infocon to yellow? Assuming the media reports of "millions of sites" being impacted is true...
was this just a dos attack or likely an attack on the crl/secure cert chain to access who knows what?
What did Godaddy do to deserve this? And why disturb all the users?

Diary Archives