IE 11 is not supported. For an optimal experience visit our site on another browser.

GoDaddy Restores Service, Blames Router Software

/ Source: SecurityNewsDaily

at noon Eastern time Tuesday with official explanation from GoDaddy. Scroll to end of story for more.

Web domain registrar and hosting company GoDaddy was back in business this morning (Sept. 11), the day after a devastating outage which saw thousands, possibly millions, of clients knocked offline for several hours.

It's still not clear what caused the outage, even as a lone Anonymous-affiliated Twitter user from Brazil continued to claim responsibility, and then said he could bring down Facebook and Google too.

GoDaddy promised to have more information later today.

"Most customer hosted sites back online," tweeted the @GoDaddy Twitter account yesterday at 5:18 p.m. Pacific time (8:18 p.m. Eastern.)  "We're working out the last few kinks for our site & control centers. No customer data compromised."

"At 10:25 am PT, and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT," said a message at the top of the restored GoDaddy homepage this morning. "At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised.

"We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support."

A GoDaddy spokeswoman could not give Cnet the cause of the outage, nor how many websites were affected.

[ Twitter Timing Casts Doubt on GoDaddy Takedown Claim ]

GoDaddy fixed the problem by switching its Domain Name System (DNS) servers to machines controlled by its longtime competitor and archrival, VeriSign, according to Wired News.

DNS servers are the "telephone books" of the Internet and translate URLs and email addresses into the numerical systems that servers, routers and computers use.

An unnamed source told TechCrunch yesterday that three GoDaddy DNS servers weren't responding during the outage.

Today GoDaddy, tomorrow Google and Facebook

It's just possible that a single hacker with impressive software could take out all the DNS servers of the world's largest domain-name registrar. But the Twitter user @AnonymousOwn3r was claiming responsibility without offering any proof.

In response to an Indian site's presumption that he used a PERL script easily found online, @AnonymousOwn3r said this morning, "I use it also but I use others scripts bots developed by me but I will not release it to public."

To another question, he replied, "I already bring down Facebook once just read it ... and about Google yes I can bring it down too."

The link leads to a Portuguese-language blog posting citing @AnonymousOwn3r for taking credit for a supposed Facebook outage on May 31.

As SecurityNewsDaily noted yesterday, @AnonymousOwn3r was quick to claim responsibility for the GoDaddy outage, posting his first tweet saying so at 10:46 a.m. Pacific time yesterday.

@AnonymousOwn3r's claim would bear more weight had he posted it before the outage began. GoDaddy says the problems started around 10:25 a.m. Pacific, and its tweet saying it was aware of them came 10 minutes later — 11 minutes before @AnonymousOwn3r first mentioned it.

Yeah, right, dude

Other Anonymous-affiliated Twitter feeds were less than impressed by @AnonymousOwn3r's claims, with many pointing to a Storify page aggregating their irritation.

"Godaddy technician trips over Ethernet cord, pulling it from edge router. Blames Anonymous," said the @AnonyOps Twitter feed yesterday afternoon, later adding, "Today a leaf fell off a tree. Anonymous took credit."

"Apparently one tweet from a random 1337-looking user is now credible enough to claim an attack through the media," tweeted former LulzSec associate Sven Slootweg.

"Please redirect your GoDaddy hate to @AnonymousOwn3r says is the 'leader' of Anonymous. #derp Have #lulz with that," said the @YourAnonNews feed.

UPDATE: At about 11:30 a.m. Eastern time Tuesday, GoDaddy posted a statement on its website blaming the entire incident on "corrupted router data tables."

"The service outage was not caused by external influences. It was not a 'hack' and it was not a denial of service attack (DDoS)," the statement, attributed to interim chief executive officer Scott Wagner, read in part.

"We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and," it said. "We have implemented measures to prevent this from occurring again."

Internet communications depend on millions of network routers, ranging from the wireless routers found in homes to huge rack-mounted machines in data centers. Each router constantly keeps track of which other routers it is connected to, with many routers updating their network-status information — known as router tables — every 30 seconds.

It's entirely possible that bad router-table updates could have led to cascading failures that knocked down GoDaddy's DNS servers, though a four-hour global outage indicates that something may have been very wrong with GoDaddy's internal network.

"Throughout our history, we have provided 99.999 percent uptime in our DNS infrastructure," the statement said. "This is the level our customers expect from us and the level we expect of ourselves. We have let our customers down and we know it."

At 1:05 p.m. ET Tuesday, @AnonymousOwn3r responded to the GoDaddy explanation.

"Whooa @GoDaddy is denying that it was hacked by me!" he wrote. "They don't wanna show their cybersecurity is bad this way they would lose customers !"