Poor Les is on Sunday support today and knows he’s facing a lot of email and calls. On his way in, he asked me for some guidance on three specific questions he is expecting to face a lot today.
Those questions are:
- How did something like this happen, and why did it affect me/my domains/my client’s domains so hard? I thought you had fixed all this so it couldn’t happen.
- This happens way too much with you guys (several references to the second time this year already);
- Can you reassure/guarantee that this won’t happen again to me? What can I do to make sure that it doesn’t affect me the way it just did? Is there something I can do with my settings to better ride out something like this? What’s my best practice?
And our responses are as follows:
1) How did something like this happen, and why did it affect me/my domains/my client’s domains so hard? I thought you had fixed all this so it couldn’t happen.
Unfortunately, we live in an age of escalating DDoS attack intensity which affects all online service providers. After we were attacked last night, the target domain moved to another commercial DNS provider, crashed them, then moved again to a third commercial DNS provider, which is now under an intense DDoS attack itself.
Everybody who has been hit with this attack has suffered from it to the point where they are simply desperately trying to get rid of the target domain.
2) This happens way too much with you guys (several references to the second time this year already);
We agree. This is why we are going to be enacting a new policy regarding new domains entering our system effective immediately.
In a nutshell: no more porn, no more gambling.
Every single DDoS attack in this company’s history has involved one of the following: ponzi/HYIP sites, porn sites or gambling/casino/betting. (Yesterday’s attack was porn.)
HYIP/ponzi websites are already specifically excluded from service here in our AUP. We will now be adding exclusions and associated prescreening for porn/casino/betting websites.
We pass no moral judgement on these types of endeavors. But it makes no sense to ruin a business we spent over 15 years building to repeatedly get our brains bashed in for these types of websites. They’ll have to make other arrangements.
We will be reaching out to existing members in these categories to either allow specific cases of grandfathering-in, additional precautions (segmentation) or assistance relocating.
3) Can you reassure/guarantee that this won’t happen again to me? What can I do to make sure that it doesn’t affect me the way it just did? Is there something I can do with my settings to better ride out something like this? What’s my best practice?
Unfortunately, the only guarantee we can make when it comes to DDoS attacks is that whoever your web services providers are, sooner or later one of the ones you rely on will get hit again.
In the summer of 2010 we posted "DNS And Dos Attacks, how to Stay Up When Your DNS Provider Goes Down", which basically steps you through the best practices to employ to make sure you can ride out an attack against your DNS provider, regardless of who that is.
We just updated it today to reference our easyRoute53 interface to Amazon’s Route53 DNS, which we are told several members used during the attack to export their DNS settings to Route53 and add those nameservers to their delegation.
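To check whether a delegation would survive the loss of one DNS provider, as described above, here is an added example (not code from easyDNS or from the original post). The nameserver hostnames are constructed samples, and identifying a provider from the hostname is a heuristic assumed for this sketch.

```python
import re
from collections import defaultdict

# Multi-label public suffixes seen in the sample data. A real tool would use
# the full Public Suffix List; this short set is an assumption of the example.
TWO_LABEL_SUFFIXES = {"co.uk"}

# Constructed sample delegations (hostnames are illustrative, not taken from the post).
EASYDNS = ["dns1.easydns.com", "dns2.easydns.net", "dns3.easydns.org"]
ROUTE53 = ["ns-101.awsdns-12.com", "ns-620.awsdns-13.net",
           "ns-1502.awsdns-59.org", "ns-1830.awsdns-36.co.uk"]

def provider_key(ns_host):
    """Heuristic provider id: registrable label with TLD and numeric shard removed."""
    labels = ns_host.rstrip(".").lower().split(".")
    cut = 2 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 1
    if len(labels) <= cut:
        raise ValueError(f"not a usable nameserver name: {ns_host!r}")
    # "awsdns-12" and "awsdns-59" are the same operator, so drop the shard number.
    return re.sub(r"-\d+$", "", labels[-cut - 1])

def delegation_report(ns_hosts):
    """Group delegated nameservers by provider and show what is left if one goes down."""
    groups = defaultdict(list)
    for host in ns_hosts:
        groups[provider_key(host)].append(host.rstrip(".").lower())
    survivors = {
        down: sorted(h for p, hosts in groups.items() if p != down for h in hosts)
        for down in groups
    }
    return {
        "providers": {p: sorted(hosts) for p, hosts in groups.items()},
        "single_point_of_failure": len(groups) < 2,
        "survivors_if_down": survivors,
    }

if __name__ == "__main__":
    for name, ns_set in (("single provider", EASYDNS),
                         ("two providers", EASYDNS + ROUTE53)):
        report = delegation_report(ns_set)
        print(name, "-> single point of failure:", report["single_point_of_failure"])
        for down, left in report["survivors_if_down"].items():
            print(f"  if {down} is down, {len(left)} nameserver(s) still answer")
```

The grouping only reflects who operates each nameserver name; it says nothing about whether the zone data at both providers is in sync, which still has to be verified separately.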
I will still be posting a detailed post-mortem later today.
Wilfredo Reyes says
I don’t see how this is the fault of EasyDNS. Things like this happen all the time, and it is unavoidable. Even Government servers get attacked, so nobody is immune to attacks. Maybe this time it was a porn-driven domain that caused the issue, but other domains could get attacked and EasyDNS should not be responsible for domain owners who do not have the proper security on their web servers. Prevention starts with the domain owners, and I’m sure EasyDNS does whatever is needed to prevent such attacks to begin with.
Thanks.
-Wilfredo Reyes
easyDNS Support says
Hi Wilfredo,
Thanks for the vote of confidence.
Honestly, we did do our best, and I don’t think folks are finger-pointing or anything but it’s understandable that people will get upset when their domains and systems are affected by something like this. We did what we could to mitigate it, but we agree, we can do better, and we’re putting a lot of people-hours and skull-sweat (and muscle actually, servers are HEAVY!) into looking to prevent similar situations in the future.
Thanks!
Arnon
one of the easyPeople
Susan Woolner says
Mark – this was a good Q & A and it was well written. Thank you. I’ve been hosting and managing sites for clients for over 21 years and DDoS attacks are unfortunately a part of the domestic terrorism landscape. While they will continue to occur, having a strategy, experience and knowledge to deal with them is a step in the right direction.