Go Daddy: Network Issues, Not Hacks Or DDoS, Caused Downtime

miller60 writes "GoDaddy says yesterday's downtime was caused by internal network problems that corrupted data in router tables. 'The service outage was not caused by external influences,' said Scott Wagner, Go Daddy's Interim CEO. 'It was not a 'hack' and it was not a denial of service attack (DDoS). ... At no time was any customer data at risk or were any of our systems compromised.' The outage lasted for at least six hours, and affected web sites and email for customers of the huge domain registrar."

Had to Take the Network Down...

[CanHasDIY]

... so the NSA could install their backdoors.

anonymous U So haxor!!!

[DeTech]

Wow, anonymous was so good they were undetectable... And they almost got away with it too. To bad anonymous caught them.

Doesn't Really Help

[Anonymous Coward]

This just makes them look even less competent as a service provider, if the problem was purely internal then.

Re:Doesn't Really Help

[dyingtolive]

Yup.

"Good news everyone, we weren't compromised. We're just incompetent!"

Re:

[dyingtolive]

Nope. I phrased my comment intended for it to be read with his voice.

Re:

[babywhiz]

Actually, the voice in my head is from Icecrown Citadel's Professor Putricide...."Good news, everyone! I've fixed the poison slime pipes!" (during the Rotface encounter)

Re:

[Kalriath]

Which almost 100% certainly is based on Professor Farnsworth.

Re:

[hazah]

Nope :).

Re:

[fak3r]

Wha?

Re:

[osu-neko]

"Good news everyone, we weren't compromised. We're just incompetent!"

To be fair, everyone who uses their hosting is already well aware of that, so this doesn't really hurt them to say...

Re:Doesn't Really Help

[bill_mcgonigle]

"Good news everyone, we weren't compromised. We're just incompetent!"

And we already knew they were evil [slashdot.org] , so ....

GoDaddy for Congress!

(corporations are people, my friend)

Re:Doesn't Really Help

[AlienSexist]

One way to be sure... hit em' again!

Re:

[MrEricSir]

This just makes them look even less competent as a service provider, if the problem was purely internal then.

Or if it turns out it was a hacker, that won't inspire confidence in GoDaddy either.

Re:

[pspahn]

Or possibly a way for them to market their own Premium DNS offerings. I understand that users on Premium DNS were hardly affected (according to a co-worker who was monitoring the whole thing yesterday and had a number of Premium DNS users).

Re:

[whoever57]

Or possibly a way for them to market their own Premium DNS offerings. I understand that users on Premium DNS were hardly affected (according to a co-worker who was monitoring the whole thing yesterday and had a number of Premium DNS users).

Odd. I saw the reverse: our company's domain which is on GoDaddy's Premium DNS servers was affected, while a colleage's personal domain on the standard DNS servers was unaffected.

Re:

[geminidomino]

It's not that their premium DNS server is all that robust.

You just can't have secondary slave DNS servers without it...

Re:

[fermion]

I commend them for being hones with their mistake. As an alleged premier top level domain name reseller, though, we would expect that they had the facilities to prevent both internal errors and external attacks. If I were superstitious, I would say something in the Juju right now. Lots of computer stuff going down.

Re:

[EdIII]

Routing issues aside, the problem could have been largely mitigated with reasonable TTLs IHMO.

I refuse to use GoDaddy because they are lying fucking sociopaths, but from time to time, I do need to help people out with services hosted there. Last time I saw a DNS control panel it had TTLs of 30 minutes as the default for most DNS records.

The outage lasted 6 hours. If you had a TTL of 12-24 hours you would have been just fine, unless I am completely off base on how caching DNS servers operate.

Such short TTL

Re:Doesn't Really Help

[caknuckle]

This just makes them look even less competent as a service provider, if the problem was purely internal then.

It might make them look less competent, but on the flip side suggests an "isolated" incident, and that it won't likely happen again, whereas if it's hackers you as a customer may wonder when the next hack will happen and what effect it will have on your websites, DNS etc. I.e. we better move off before it gets targeted again.

Re:Doesn't Really Help

[Kaptain Kruton]

It makes GoDaddy appear incompetent to geeks and computer-savvy users. However, to the average person that does not know much about computers, they will accept it as a computer problem that 'just happens'.... just like all of the errors that they have on their home computers that supposedly have no cause. As long as GoDaddy makes the problem sound really technical while saying they know exactly what caused it and know how to quickly implement a solution that prevents future instances, they will appear competent to the average computer user. After all, to an average user, an admin's ability to solve a problem that sounds complex will make the admin's skill sound really impressive.

Remember many of GoDaddy's customers are individuals and small businesses that have mediocre computer skills that rely on a simplified WYSIWYG tool. To them, evil hackers that steal information are much worse than an annoying problem that just happens because computers all have problems (in their experience). As long as the customer doesn't realize that it was a problem that should not have occurred and it was only caused by incompetence, then they are less likely to lose those customers.

Re:

[hazah]

I don't think you did.

Re:

[geminidomino]

then they deserve to have there fucking identities stolen, specially since there using a fucking wysiwyg tool to build a fucking webpage. go anonymous, obliterate godaddy and there fucktarded customers that are to fucking stupid to even exist let alone use a computer.

You tell 'em, Scrappy.

Re:

[zaphod777]

Sure, like Amazon or Microsoft hasn't had internal infrastructure issues either. Mistakes happen, things get overlocked, and then fixed. I am more interested in what their lessons learned were and what they have done to prevent a similar incident in the future.

If you believe that...

[Rix]

Then I've got a fully alive not dead elephant to sell you.

Re:

[Anonymous Coward]

How does it help GoDaddy to tell everyone that they are incompetent instead of admitting they were attacked?

Re:

[Rix]

If they were successfully attacked then their both incompetent and insecure.

Re:

[fafaforza]

And what if that hacker does it again and GoDaddy has to admit they were hacked? They'll lose customer from a second downtime, and they'll likely lose a lot more from being exposed as liars. I don't see a reason for them to lie, really, especially by admitting it was internal.

Re:

[rs79]

http://rs79.vrx.net/works/photoessays/2011/godaddy/ [vrx.net]

Bob makes his own dead pachyderms.

Wow

[MyLongNickName]

Talk about having a bad day at the office... can you imagine being a Sys Admin at GoDaddy?

We have a few odd DNS entries still hosted at GoDaddy. We'll be yanking those last ones away. Any advice on how to set it up so I'm not depending on one registrar?

Re:

[cnastase]

Any advice on how to set it up so I'm not depending on one registrar?

Yes. You can depend on more hosting services which use different upstream providers and are located in different datacenters. And pray they don't go offline in the same time :)

Re:

[kwalker]

That doesn't get around your registrar going down, just your hosting.

Re:

[MyLongNickName]

Thanks. I was trying to figure out how cnastase's solution was helping.

Re:Wow

[kwalker]

You would think so, but the company I work for uses GoDaddy (At least up until today we did, we may be going elsewhere now) for our registrar, but nothing else. We run our own DNS servers, our own web servers and load balancers, our own mail servers, etc. but we got scads of complaints about "the website is down" yesterday during the event. We traced it back to external DNS failures, but I have full-time monitoring on all of our systems and nothing on our end even hiccuped. It worked for some locations but not others.

It makes no sense to me either.

Re:

[Anonymous Coward]

You sure it was not say a SSL issue with certs issues by them - they now are a CA as well. The crl is a crl.godaddy url -- depending on browser, if crl is not available then ssl can be flagged as invalid.

A registrar of a domain has NOTHING to do with the resolving of your domain, once it has been sent to roots.

Do a simple dig +trace query for your domains, where in that line would your registrar be talked too? You hit roots, you hit servers for your tld (org.com,etc), you hit your NS = done. A registrar

Re:

[kwalker]

Yes, I'm sure it wasn't an SSL issue. It was a straight DNS "Domain not found" problem.

However, thank you for the idea of looking up the secondary NS records. Turns out our .com's nameservers reside in our .net domain, which is handled by GoDaddy. I'm off to change those to our static IP addresses.

Re:

[Alien Being]

Bogus glue records pointing to godaddy name servers instead of your own?

Re:Lies

[dgatwood]

Never attribute to malice what can be attributed to GoDaddy's incompetence just as easily.

Re:

[causality]

Never attribute to malice what can be attributed to GoDaddy's incompetence just as easily.

Insecurity and exploitability are forms of incompetence. So this doesn't actually make much of a difference.

Re:

[maxwell demon]

What's worse: Not being able to keep your network running when someone actively tries to disrupt it, or not being able to keep your network running under otherwise perfectly normal conditions?

Perhaps...

[ackthpt]

if they'd pay some of that massive advertising budget to competent employees, quality software and proper maintenance. ... naw, bring on the chick ads.

So that's, what, two big hits for Go Daddy this year?

Re:

[DickBreath]

Does "network issues" just an obscure way to refer to something about using Microsoft Windows for servers?

Go away GoDaddy

[skaag]

I don't buy this for a nickel, and I doubt they are even capable of detecting that a problem was caused by "external influences".
Laughably feeble attempt to save face in front of countless customers who should have known better than to use GoDaddy services.

Re:Go away GoDaddy

[fuzzyfuzzyfungus]

Hey, cut them some slack. Lying in public is one of the few pleasures of having a customer base that consists of people who don't know better...

Re:

[ColdWetDog]

That certainly explains why politicians smile so much...

Re:

[skaag]

I actually do happen to have a clue, Anonymous Coward.

And as I suspected might happen following GoDaddy's cowardly (and patently false) statement, today the "hacker" (who obviously also has no clue?) released some more data he obtained during his attack, to prove that it wasn't a GoDaddy "Glitch". I suspect with their level of incompetence, he probably still has access!

Not so sure

[Anonymous Coward]

I received emails last night from some SAAS companies claiming that there service outages were due to attacks by hackers. They did not mention GoDaddy specifically, but I know their DNS is hosted there.

Why would they be saying it was hackers?

Sounds like damage control to me.

Re:

[Anonymous Coward]

Because someone on twitter said that they did it and everyone believed them?

That makes more sense

[Spy Handler]

There was no other indication of a DDOS than the "I did it" tweet by a lone troll. To knock out someone as big as Godaddy for as long as they did would've required an epic-scale DDOS and you'd think something like that would've been noticed by their upstream providers.

This is the second time this week an Anonymous troll lied about an attack (the other one was stealing iPad device ID from FBI)... Anonymous's sterling reputation is being tarnished!

Re:

[Anonymous Coward]

I like how you so easily believe that they were both false. It makes me giggle.

Re:

[Jason Levine]

We have one Anonymous member claiming that it was his attack that brought down GoDaddy.
We have GoDaddy claiming that it was network issues.

Lacking any further evidence, we're in a he said-she said scenario. While I'm not advocating blindly believing GoDaddy representatives, blindly believing an Anonymous member without any evidence to back him up seems foolish also. (A tweet the Anonymous member made during some service's downtime doesn't count as evidence.)

Re:

[Anonymous Coward]

What I think you mean is anonymous troll. Anonymous weren't trolling, as in, a person who is an active participant in the Anonymous movement.

There is a difference between an anonymous person and an Anonymous person in this case. The former is just any random person on the internet with a pseudonym trying to troll the latter, which is a group united under one pseudonym.

Re:

[ColdWetDog]

What I think you mean is anonymous troll. Anonymous weren't trolling, as in, a person who is an active participant in the Anonymous movement.

There is a difference between an anonymous person and an Anonymous person in this case. The former is just any random person on the internet with a pseudonym trying to troll the latter, which is a group united under one pseudonym.

Maybe you ought to trademark the term "Anonymous" - too many people are using it, customers get confused.

Re:

[jameshofo]

Then again at least they're honest enough to admit it, but then again the tweet only says, #TangoDown -- godaddy.com | by @AnonymousOwn3r. it appears to be the ASSumption of the original author that it was a DDoS.

but then again taking a look at some of the tweets, you get more of a "c'mon are we actually taking this seriously?"

Surely we can take some artistic Licences with the quotes from go-daddy as well! (From the article)
Wagner also noted that the company has provided a 99.999 percent uptime in its D

Re:

[adameros]

Early in the outage (1st hr), I was looking at http://www.isitdownrightnow.com/godaddy.com.html [isitdownrightnow.com] and it was able to still ping godaddy.com (I'm assuming the IP was still cached), but it had, as I remember, 3000ms+ ping times. To me, this lends a little credence to the DDOS claims, but it is not definitive.

Re:

[nmos]

What makes you think an attack would have to involve a DDOS? There are other ways of attacking a network you know.

Re:

[flex941]

Just yesterday I was cleaning up a customer's hacked Joomla site heavily pounding with pings and port 80 requests some North-American IP address. A bit later the GoDaddy DDOS news appeared on Slashdot. Coincidence?

TG Posted...

[wbav]

This shirt [google.com] by Think Geek fits.

Can't win here.

[JustAnotherIdiot]

If you were hacked? It shows your defenses are weak.
If you weren't hacked? It shows you have some seriously poor management/backup equipment.
Either way, less people are going to want to use you after this.

Another KKR debacle

[Anonymous Coward]

Disclaimer: I work for a company that got "bought out" by KKR, just like GoDaddy.

Since KKR bought them out, GoDaddy has jacked up their prices (to make up for the billions I'm sure KKR "leveraged" out of GD for their execs and shareholders), took a pro-SOPA and PIPA stance (which garnered them a bit of a boycott), and is now having infrastructure problems. I haven't heard, but I'd bet there were layoffs and some brain-drain shortly after the KKR mafia took over.

Go figure.

If you own stock in a company that

Re:

[iplayfast]

according to www.stockchase.com KKR

"Would characterize dividend as not being safe because it is merely a function of income that the company generates on a quarterly basis. It goes up and down depending on whether they are capitalizing any deals. This quarter will probably have a very nice dividend because they just sold a position in Alliance Boots to Walgreens. Trades at a very reasonable price."

In other news godaddy is still having problems. They weren't relaying emails from a website I have with them, I

Re:

[ArsenneLupin]

If you own stock in a company that is being eyed by KKR (think: Bain Capital) dump it quick.

Why would you dump stock of a take-over target? Just keep it until the take-over at least... stocks usually rise in anticipation of take-over, because the buyer, no matter how incompetent, will usually pay premium for the stock in order to ensure a quick conclusion of take-over... and if the buyer is so incompetent that he doesn't know that he has to do that, he won't be in a position to ruin the company, because he'll never own enough shares in it.

Well duh ...

[jest3r]

If one "anonymous" person could take down 5 million websites then we might as well give up on the Internets ...

Then again it could have been one GoDaddy Admin who accidentally misconfigured the routing tables that caused all of this ... I'd probably want to be anonymous if I was that person as well ...

Can I have my $80 back?

[CubicleZombie]

That's what it cost me to figure out that each hosted domain has a different credit card record for autorenewal. So updating one record won't stop the rest of your domains from expiring. Bastards. They're worse than Comcast.

Good for me, though, since that caused me to switch everything to a competitor and not be affected by this outage.

It's the network!!

[ctime]

This is almost certainly a result of a network change plus some really bad luck. Big player BGP peering connections are under intense scrutiny right now because of a few mistakes made at company A were introducing blackhole routes into company B (c,d,e,f's) routers.

Networking is the most often overlooked, often shit on, everyday service that everyone ab(uses) and gets pissed when it doesn't work properly. Like toilets.

99.999% Doesn't mean what you think it means

[Anonymous Coward]

They were down for 6 hours but still claim 99.999% uptime. But unless they have been around for more than 57 years, I dont' see how that is possible. Wonder what funky math they use to back up that number.
  https://encrypted.google.com/search?q=5+hours+%2F+(1-99.999%25)

Re:

[Burning1]

I suspect they declared a 'maintenance window' 5 minutes into the outage.

Re:

[trancemission]

I read somewhere their 'premium dns' service was unaffected - not got a link though.

Re:

[Phroggy]

I don't buy that. It may have appeared up, but that's because everything was intermittent all day.

So what?

[thePowerOfGrayskull]

To this I say "so what"? When you have one primary job to do - respond to DNS requests for millions of domains that are registered through you - and you fail to do so, it's over. No matter what the root cause is, you caused *millions* of web sites to be unreachable for most people, for a period of time spanning hours. This is not "oops", this is catastrophic failure from a business perspective.

I can only hope that sufficient numbers of customers will be as offended, and seek more reliable solutions.

Intermittent

[Spazmania]

"Yesterday, GoDaddy.com and many of our customers experienced intermittent service outages starting shortly after 10 a.m. PDT. Service was fully restored by 4 p.m. PDT. "
http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=410 [godaddy.com]

Must be that new definition of the word "intermittent." The one roughly synonymous with "total."

but what if the cause *was* a hack?

[dutchwhizzman]

What if the cause was actually a hack, but they didn't notice it? Corrupted routing tables don't occur all by themselves and single routing tables taking a whole provider down doesn't happen that often either. I wouldn't rule out the possibility of *a* hack just jet.

A lie, but...

[stevenfuzz]

Wouldn't you rather the world think that you were hacked by some unbeatable magic hacking group, then your company went down due to your own ineptitude?

anonymous?

[slashmydots]

So anonymous took responsibility for it? Wow, I guess they were talking out their asses just like any other immature, pathetic little hacker kid. Way to downgrade their image straight down the toilet.