Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Network Solutions Recovers After DDoS Attack

Customers still report ongoing outages in wake of last week's attacks.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Network Solutions said it's fully mitigated a distributed denial of service (DDoS) attack that compromised some services last week, and that attack volumes against the company had returned to normal.

"We experience DDoS attacks almost daily, but our automatic mitigation protocols usually handle the attacks without any impact to our customers," said John Herbkersman, a spokesman for Network Solutions' parent company, Web.com, via email. Network Solutions manages more than more than 6.6 million domains, provides hosting services, registers domain names and also sells SSL certificates, among other services.

But Monday, some customers reported still experiencing domain name server (DNS) and website updating difficulties that dated to the start of the DDoS attacks. The company, however, disputed those claims. "Some customers may be experiencing issues, but they are not related to last week's DDoS attack," said Herbkersman.

[ Are distributed denial of service -- DDOS -- attacks increasing? Read DDoS Attack Bandwidth Jumps 718%. ]

The DDoS attacks began last week, with Network Solutions at first reporting that "some Network Solutions hosting customers are reporting latency issues," according to a "notice to customers who are experiencing hosting issues" posted to the company's website on Tuesday, July 16. "Our technology team is aware of the problem, and they're working to resolve it as quickly as possible. Thank you for your patience," it said.

As the week continued, the company posted updates via Twitter and to its Facebook page. By Wednesday, it said that the outages were due to a DDoS attack "that is impacting our customers as well as the Network Solutions site." It said that the company's technology staff were "working to mitigate the situation."

Later on Wednesday the company declared via Twitter: "The recent DDOS attack affecting customers has now been mitigated. Customer websites should be resolving normally. Thanks for your patience."

The Network Solutions website wasn't available or updateable for the duration of the attacks. But that wasn't apparent to all customers, who might not have turned to Facebook and Twitter seeking updates about the company's service availability. One InformationWeek reader, who emailed Friday, accused Network Solutions of being less than forthcoming about the fact that the outages were being caused by a DDoS attack, "which they acknowledged only when calling them," after he found only the "notice to customers who are experiencing hosting issues" post on the company's site. "They have been trying to bury it," he alleged. "Some sites were down for the entire day."

Herbkersman brushed off the criticism. "In addition to Facebook, we communicated via the Network Solutions' website and via Twitter," he said. "We also responded directly to customers who called our customer service team and those who contacted us via social media channels."

Friday, the company did publish a fuller accounting of the outage to its website. "Earlier this week, Network Solutions experienced a distributed denial of service (DDoS) attack on its servers that affected our customers. The Network Solutions technology team quickly identified the issue and implemented measures to mitigate the attack," read a statement posted to the company's site and cross-referenced on its Facebook page. "We apologize to our customers who were impacted."

"Are we getting refunded some money because of your 99.99% uptime guarantee?" responded one member via Facebook. "Feel free to call our support team and they will be happy to discuss," came a reply from Network Solutions.

Customers might have had to contend with more than just the DDoS attack. A Tuesday Facebook post -- since deleted, which the company said it made to help direct customers to more recent information about the DDoS-driven outages -- drew comments from customers reporting DNS issues. "There were multiple reports on the July 16, 2013 Facebook thread that appear to indicate customer DNS records were corrupted before the DDoS induced outage," Craig Williams, a technical leader in the Cisco Systems threat research group, said in a blog post.

The one-two punch of domain name resolution difficulties and a DDoS attack could have left numerous sites inaccessible not just during the attack, but in subsequent days, as the company attempted to identify the extent of the damage and make repairs in subsequent days.

Last week's DDoS attack was the second such attack for Network Solutions customers in less than a month. "In [the] previous outage, domain name servers were redirected away from their proper IP addresses," said Williams. In that case, however, at least some of the DNS issues appeared to be "a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack." Herbkersman, the Web.com spokesman, said last week's outages were entirely driven by the DDoS attacks, rather than the company's response to those attacks.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
squingynaut
50%
50%
squingynaut,
User Rank: Apprentice
7/24/2013 | 8:02:34 PM
re: Network Solutions Recovers After DDoS Attack
As a customer of Network Solutions or another company, is there anything we can do to mitigate the effects of DDoS attacks like these? Or are we at the mercy of the systems put in place by our domain registrars?
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...