Printed from http://www.electronista.com

GoDaddy refutes hack claim, blames cascading server failure

updated 06:36 pm EDT, Tue September 11, 2012

'internal network events' to blame for mass outage

Rather than confirming the alleged hack by an Anonymous member, GoDaddy blamed serious technical problems for a six-hour service disruption that affected nearly all of its customers on Monday. The outages were caused by "a series of internal network events" that disrupted the DNS service on the company's equipment, GoDaddy's CEO Scott Wagner confessed in a statement.

The failure was caused by "a series of internal network events that corrupted router data tables," according to a GoDaddy statement. GoDaddy continues to claim that no customer information, such as credit card data, passwords, or names and addresses, was released.

A highly-placed US federal government IT official told Electronista that he believed that "GoDaddy claiming that a single-point failure took down their entire network is magnitudes worse than an attack by Anonymous."

During the attack, GoDaddy's Twitter account promised that the company was "working feverishly to resolve the problem as soon as possible." Both the "attacker" and "official" Anonymous channels made it clear through social media and comments on news items about the attacks that the hacktivist group wasn't responsible for the attack.



By Electronista Staff

Comments

  1. besson3c

    Clinically Insane

    Joined: 03-03-01

    GoDaddy is probably lying, they were hacked. Prior to this attack they were running some ancient version of PHP (5.1.something I believe), and now they are running a much newer version released this May - I last checked on this quite recently, the timing of this may be coincidental or it might be relevant. They are still running a version of CentOS from 2010 (5.5). Sites on their servers are frequently infected with malware.

    When you run a high volume, low cost sort of host like this it is extremely hard to keep up on security and performance related issues being such a high profile target. This is probably one time when things slipped, which will happen from time to time with a company like this.

    Whether or not you feel this can be excused, there are a number of better web hosting companies out there. Bigger is not necessarily better when it comes to web hosting.

  1. VoiceOfReason

    Fresh-Faced Recruit

    Joined: 09-11-12

    I couldn't agree with you more.

  1. _Rick_V_

    Fresh-Faced Recruit

    Joined: 03-21-03

    While I don't refute the fact that there are WAY better hosting companies out there (Rackspace, for example), running an old version of Linux (CentOS 5.5, in this case) isn't necessarily an indicator of how likely you'll be hacked. Linux isn't like Mac or Windows, where later versions of the OS are inherently more secure.

    On the contrary, a Linux Server install ONLY has the bare minimum services installed for that server to do its job. For example: SSH, Apache, and a few other things, but excludes a GUI or other interfaces found in a desktop OS that would introduce potential vulnerability vectors. Given that you can keep those packages updated independently of the OS, and upgrading to (say) CentOS 6.2 doesn't really provide any real advantage, there isn't always a really compelling reason to upgrade. Additionally, they may have developed a bunch of internal tools that work perfectly in 5.5 but break in 6.2.

    In summary, a Linux server is a completely different animal than most people know as computers with Windows or Mac.

    -Rick

  1. besson3c

    Clinically Insane

    Joined: 03-03-01

    Originally Posted by _Rick_V_


    While I don't refute the fact that there are WAY better hosting companies out there (Rackspace, for example), running an old version of Linux (CentOS 5.5, in this case) isn't necessarily an indicator of how likely you'll be hacked. Linux isn't like Mac or Windows, where later versions of the OS are inherently more secure.
    On the contrary, a Linux Server install ONLY has the bare minimum services installed for that server to do its job. For example: SSH, Apache, and a few other things, but excludes a GUI or other interfaces found in a desktop OS that would introduce potential vulnerability vectors. Given that you can keep those packages updated independently of the OS, and upgrading to (say) CentOS 6.2 doesn't really provide any real advantage, there isn't always a really compelling reason to upgrade. Additionally, they may have developed a bunch of internal tools that work perfectly in 5.5 but break in 6.2.
    In summary, a Linux server is a completely different animal than most people know as computers with Windows or Mac.
    -Rick


    I realize all of this is true; my pointing out that they were running CentOS 5.5 was just intended to support the theory that their servers may be updated infrequently in general. In addition to the very old PHP that was installed and available until only just recently, their servers lack Git and rsync, and still support FTP (although I'll cut them some slack for supporting FTP, many hosts still do for reasons that have never been clear to me).

    Also, while what you said is true, in the Red Hat world it can be difficult finding a source of packages for recent binaries with an OS as old as CentOS 5.5. If they really had DNS security problems, for instance, it is likely that the recent packages of bind are not available in the CentOS 5.5 channel anymore. They could roll their own packages, maybe they do, but at this point it is probably easiest for a company like this to plan some sort of update strategy rather than building their own stuff in perpetuity and/or backporting kernel-related fixes.
