Web Sites Disrupted By Attack on Register.com

Web site host and domain name registrar Register.com has been the target of a sustained attack this week, disrupting service for thousands of customers.

The attacks began on Wednesday, causing a three-hour outage for many Web sites that rely on the company for hosting and/or use the company's domain name system (DNS) servers, said Roni Jacobson, executive vice president at Register.com.

The outage was the result of what's known as a distributed denial of service (DDoS) attack, in which attackers cause hundreds or thousands of compromised PCs to flood a target with so much junk traffic that the Web site can no longer accommodate legitimate visitors. Typically, DDoS attacks are waged as a way for criminals to extort money from the targets, who are told the attack will cease when a ransom demand is paid.

Jacobson declined to say whether Register.com had received any extortion demands.

"We did have a flooding of traffic to portions of our system which impacted services to customers and was restored as quickly as possible," Jacobson told Security Fix on Thursday.

The attack appeared to persist until at least Friday, when Register.com chief executive Larry Kutscher sent an apologetic message to customers via e-mail.

Earlier today we communicated to you we were experiencing intermittent service disruptions as a result of a distributed denial of service (DDoS) attack - an intentionally malicious flooding of our systems from various points across the internet.

Services have been restored for most of our customers including hosting and email. However for some of our customers, services are not fully restored. We know this is unacceptable.

We are using all available means to restore services to every one of our customers and halt this criminal attack on our business and our customers' business. We are working round the clock to make that happen.

That may have been too little, too late for some customers. John Ketchpaw, co-owner of panopto.com, said he opted to move his company's site hosting to another provider due to the disruptions, which blocked customers from accessing his site most of the day on Wednesday.

Ketchpaw said his company wasn't even able to receive e-mail, because its e-mail servers also relied on Register.com's DNS servers.

"This was sort of the last straw for us," Ketchpaw said. "Our whole company was offline pretty much all day, and everything just came to a screeching halt."

Register.com is the eighth largest domain registrar, with roughly 2.7 million domains, according to registrarstats.com.

Update, April 6, 10:25 a.m. ET: Changed last sentence to "2.7 million domains," from "2.7 percent market share."

By Brian Krebs  |  April 5, 2009; 4:19 PM ET
Categories:  Fraud  | Tags: DDoS, attack, register.com  

Comments

I used register.com once for registering a domain name and their customer service was terrible. How did they wind up with 2.7 million customers?

Posted by: gator915 | April 6, 2009 4:59 AM

Register.com is one of the oldest registrars out there. They have an almost constant customer base... it used to be above 3 million at one time.

BTW Mr. Brian Krebs, the 2.7 is not the market percent, but domain names in millions - you failed to read registrarstats correctly. -:)

Shawn Willis
swillis@walkersresearch.com
http://www.walkersresearch.com

Posted by: swillis1 | April 6, 2009 6:54 AM

@swillis1 - doh! I will correct. thanks

Posted by: BTKrebs | April 6, 2009 10:22 AM

I don't understand why they would up and leave register.com because of a disruption due to DDoS? Leaving because of bad service or a cheaper, better alternative, fine. But DDoS attacks can happen to any hosting provider, service provider, etc. What makes them think that switching will not make them vulnerable again?

Posted by: steve-o2 | April 6, 2009 2:26 PM

So, the big problem with Register.com is that they do not allow redundant DNS with a different organization. With register.com, there is a single point of attack which can easily affect MANY organizations. If you can spread your DNS servers over multiple providers and geographic locations, you are more able to mitigate attacks. Attacks can still happen, this just makes it a little more difficult for an attacker to succeed.

Posted by: jason6655 | April 6, 2009 3:16 PM
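
The single-point-of-failure concern raised in the comment above can be checked for any domain's delegation. The following is an added example, not part of the original post or its comments: it audits a set of name servers for operator and network diversity. The host names and addresses are constructed (reserved `.example` names and documentation IP ranges), and treating the last two labels of a name server as its operator is a simplifying assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample delegations: hypothetical hosts, documentation IP ranges.
SINGLE_PROVIDER = {
    "ns1.dns-host.example": ["192.0.2.10"],
    "ns2.dns-host.example": ["192.0.2.11"],
}
MULTI_PROVIDER = {
    "ns1.dns-host.example": ["192.0.2.10"],
    "ns2.dns-host.example": ["192.0.2.11"],
    "a.other-dns.example": ["198.51.100.53"],
    "b.other-dns.example": ["203.0.113.53"],
}

def operator_of(ns_host, labels=2):
    """Approximate the operator by the last `labels` labels of the NS name.
    Assumption: a production audit would consult the Public Suffix List."""
    parts = ns_host.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def network_of(addr, v4_prefix=24, v6_prefix=48):
    """Map an address to its enclosing network as a rough proxy for shared infrastructure."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def audit_delegation(ns_to_addrs):
    """Group name servers by operator and network, and list diversity gaps."""
    operators, networks = defaultdict(list), defaultdict(list)
    for host, addrs in ns_to_addrs.items():
        operators[operator_of(host)].append(host)
        for addr in addrs:
            networks[network_of(addr)].append(host)
    findings = []
    if len(ns_to_addrs) < 2:
        findings.append("fewer than two name servers")
    if len(operators) < 2:
        findings.append("all name servers run by one operator")
    if len(networks) < 2:
        findings.append("all name server addresses in one network")
    return {"operators": dict(operators), "networks": dict(networks),
            "findings": findings}

if __name__ == "__main__":
    for label, zone in (("single", SINGLE_PROVIDER), ("multi", MULTI_PROVIDER)):
        print(label, audit_delegation(zone)["findings"] or "no diversity gaps")
```

In practice the input would come from a domain's NS records and the A/AAAA records of each name server; mail delivery depends on the same delegation, which is why an outage at a sole DNS provider also stops inbound e-mail.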

Authorities investigating the RBS WorldPay breach, as well as the breach at Heartland Payment Systems, have used similar language to describe an international conspiracy that is targeting multiple financial institutions.

Based on these similarities, it seems highly likely that Tenenbaum and his cohorts may indeed be the culprits behind a rash of major information security breaches that have the Payment Card Industry pointing fingers and attempting to dodge responsibility for security compliance.

http://information-security-resources.com/2009/03/26/is-heartlandworldpay-suspect-in-custody/

Posted by: anthonymfreed | April 7, 2009 1:08 PM


© 2010 The Washington Post Company