Register.com suffers further DOS attack

Use the money we pay to fixit
Why this not happend with all the rest..?
you had to be prepared before anyone

Register.com you have put me out of business today! I can't even contact you directly via email or the web to complain about it. You've lost me as a customer and my 6 domains are coming with me! Good thing my FREE GMail account is working...

I think that it's a bit unfair to direct your anger at Register.com. The sh*theads who are carrying out the attack are the people who you should be angry with.

In my opinion no punishment is too severe for hackers. These morons are costing hard working people their livelihoods.

Hang them all I say!

Of course you should be angry at Register.com, they are a huge company and should have adequate security. Hackers are doing what they have always done and there is nothing you can do but stay a step ahead of them. How come this didn't happen to GoDaddy or Network Solutions? They need to hire decent programmers, end of story.

Could this ddos attack be from a part of the botnet created by the conficker worm? Just guessing here.

Hertz was out of action for me, as were other car hire sites.

Looks like Hertz sites are DNS'd by their own DNS servers, from the whois.

Maybe more than just Register.com are suffering?

Results for Hertz.ie whois
domain: hertz.ie
descr: Ryans Investments Limited
descr: BODY CORPORATE (LTD,PLC,COMPANY)
descr: REGISTERED BUSINESS NAME
admin-c: RKB6-IEDR
tech-c: CCA7-IEDR
renewal: 31-December-2009
status: Active
nserver: DNS4.HERTZ.COM
nserver: DNS5.HERTZ.COM
nserver: DNS6.HERTZ.COM

I just contacted Register.Com to inquire why my Company e-mail is down. It is not accessible via POP3, SMTP, or via the web, nor is the website administration available. I have been advised by Register.Com that all their servers are down, that they are currently experiencing a DDOS (Distributed Denial of Service Attack) and that they can give no indication when the systems will be restored.

Too all those out there criticizing Register.Com, it's rather like blaming a house for falling down when it's hit by a tornado. We have huge illegal hackeing problem in the United Stated, indeed worldwide. To pull off an attack large enough to bring down Register.Com, the hackers must be using a HUGE network of hijacked computers (BOTNET). They advised it is coming from "all over" the internet and that they cannot localize it. Now we know what the April 1 virus was going to do.

It's time to get serious, find these perpetrators and lcok them up for life. They are now endangering the world economy. The internet is not longer a novelty, this is tantamount to destroying the electrical grid or the telephone network. It's time we all woke up and treated it as such.

2 days in a row is just too much Bye register.com

That must be a hell of a huge botnet to lock up register.
Sorry to the customers affected tho. Not much a company can do when their servers get slammed that hard by traffic.

Register.com is usually very reliable, and I do believe it is the fault of the hackers, I do really hope register.com can get my websites and emails up though, two days without emails and the likes is very difficult.

This could now happen to any domain name provider

Our site is down too!! Well actually the site is finally back up but we have no emails..It was down for abut 3 hours! Lost a days worth of business, they should definitely be able to sustain these losers aka hackers!

Hackers do not bring systems down and certainly do not do attacks.
A hacker enters a system and uses it for it's own purpose, he does not harm the system or other systems.
These people doing this kind attacks are Crackers, big difference.
Please use the right names, as hackers make the world a better place, not worse like crackers do.

you have to be kidding!! you mean that you ignored the warnings about april 1 virus attack, obviously you did. wow!!! nice job protecting a major way of communication with my customers! take a gift out of petty cash!

Heres inside loop on the?Register & Registry problems: Mark Drashek hereinafter referred to as my client who worked as an independent oil magnate in country, who died in a car cash with his immediate family in East London on the 8Th of November 2001.
My late clients formal Sub-Comptroller working with Chevron Texaco Oil here in the United Kingdom and had Left behind a deposit of Nine Million Eight Hundred Thousand British Pounds Sterling ?only (£9.8million) Well of Course There Are going To Be Problems, Owing Drashek Near TEN Mil $. Drasheks'ONE Ruby Tear May Be What Done it. STeWie Drashek

Our site is still not accessible. Anyone else?

Register.com tweet from 4/2/09 @ 4pm EST says "We experienced a DDoS attack today- all customer sites/services have been restored; we continue to have intermittent outages on our website"

I complained last night via the phone and got a 1 year extension to my premium Web Forwarding. It wasn't offered but I complained loud enough.

My website is still not up and I have no access to my email. Completely incapable of reaching my customers. Register.com is still down. I'm waiting on the phone for an update, but the wait times keep increasing the longer I stay on the phone!

I am in NYC and it is now 1300GMT and I still can't get through to register.com. Does anyone know what they are doing to fix this?

I've not been able to access my email since yesterday evening (2 April) and it is still out.

When I called the customer service number I heard a message that said something like.."for FUN conversation call....800.....) and then the phone clicked and a screeching buzz came on. In essence there is no way to contact Register.com.

Is this the only service provider that is having this kind of trouble? This is REALLY a problem!!!

Man. I'm down too. all 4 of my sites. 2 still up who don't use reg.com.

It's a tough world with DDoS. The truth is there's little you can do. Companies like Google have enough money (i.e. bandwidth) to out resource such an attack.

But i guess mere mortals like reggie can't cut it like that.

I can't be too hard on them though. There is no anti-virus or spam protection for availability attacks (and we all know IDS pattern matching is a waste of time). No 2x4 coder who screwed up here.

It's like filling a funnel with oil. If the oil starts to pour quickly the funnel overflows and it all shuts down. But the only way to stop it is to stop pouring, which shuts it down anyway.win-win for the bad guys.

Good luck to all you down-timers out there. It's a tough world with DDos.

It seems that as of 12:20 EDT on 04/03 there is another DDOS going on. Register.com had the benefit of the doubt from me for the first two, but I will be on another provider ASAP.

My web-based businesses have suffered a tremendous blow!! I called the CEO of REGISTER.com Larry Kutcher yesterday. When I first contacted their "support" staff on April 1st I was "given" a $10 credit after complaining I had already lost $1200 in sales!!! I am a writer and would like any company who is experiencing the same problems to contact me. I will be submitting the story to the Wall Street Journal in addition to other media sources.

Outraged with Outage in Manhattan

Kirby Sommers

I can be reached at kts00022 at aol.com for those who wish to be included in article.

Kirby Sommers

There is nothing to fault Register.com for here...They are under an attack, plain and simple. Can they prevent it? I don't think so? Should they pay us for the down time? I won't be asking for anything. It'd be like suing a mugging victim because the ambulance that picked them up made you late for work. How stupid would you be to do that... Make a victim a victim again...I called and the wait time still wasn't bad and I got a live person... that's why I'm with them!

Imagine 1000 pc`s or more sending Dos to all DNS servers at register.com how to stop that? eaven an ISP can`t stop this, firewall is useless.I`ll stay with register.com until the end, i`m from 2001 with them and had no problem since now.

Well this is 2 full days of being locked out of my business email. Trying to get caught up when it finally does GET RESOLVED will be a nightmare at best! Sorry, but Register should be prepared for this like the other large domain servers who CHARGE US to host our webmail!!!!

Obviously, Register.com has seen the article and someone is attempting to spin this as 'not their fault'. Certainly, the attacking PCs are not their fault. What IS their fault is the lack of a good contingency plan to keep running (even if crippled) in the event of a catastrophic attack. Saying 'sorry' doesn't replace the lost business this costs. I'll be history with Register.com (as soon I can get to my accounts). They should have had a disaster plan, plain and simple.

Frankly a company thats provides DNS services for over 1.4 million domain should have seen this coming and planned for it. We host only 10 clients and we planned for it ! We did get hit - but we switched to out backup pland and out clients were running within 10 mins. And we are a small business !! Thats why we should angry at register.com - not because they got hit - but because they cannot mitigate against it ! I'm happy to share our solution to anybody who wants it. Its not rocket science. mikep500@hotmail.com

DDOS attack is intentionally malicious flooding of Register.com systems from various points across the internet.

Don't blame Register.com

Think of it this way. If you paid to park your car in a parking lot and someone scratches your car who do you blame?

I think they have been getting attacked a lot lately....as our email service provided through them has been getting slower and slower. I'll click to open an email and go navigate elsewhere until I see it has finally opened up. It got so bad on Monday, I canceled their service.

Well seems like they have this before. You would think they would have had backup measures by now ?

google for more info

http://www.secure64.com/news-register-reflective-ddos-dns

or here Under Incidents....

http://en.wikipedia.org/wiki/DDOS#Distributed_attack

@PLandis When you have a sophisticated distributed denial of service attack like the one that must have happened to take register.com down, there is simply NO WAY for them to properly plan for that. Basically you must have a pipe LARGER than the sum of every attacker, consider that there may be as many as 50 million machines in that Botnet! How big would their hosting pipe have to be to take that amount of bandwidth? It's just too large, and it doesn't exist. If they're working with Comcast/Verizon on this problem, likely they're attempting to shut down the botnets at their source to mitigate the damage.

I can't afford to stay with register.com. It seems to happen too often....
What are some of the good alternative companies that people are turning to? Has anyone had any luck switching to another service company for their email hosting needs?

Not sure of the times, but day before yesterday we noticed the 1st outage, later in the (EDT), then yesterday it started a bit earlier, and today it started much earlier and is still going strong. Can't even get to register.com's site, let alone those of it's zillion clients w/ DNS hosting.

So my question is this: why are a bunch of high-skill virus writers show boating like this, rather than trying to sell fake anti-virus software to old people? Weird to spend all this effort w no profit motive.

I've been involved with the internet technologies since the mid-1980s, so don't feed me the "it's so complex, there is nothing you can do about it, you don't understand it crap". There are ways to re-route traffic and provide redundancy. They chose not to plan for the worst case scenario, which appears to be happening. They don't even have a major press release to let people know what is happening. They don't have as alternate web site to post an announcement. These are huge blunders in this day and age.

It just came back. Of course, no message on their website. I hope they are not going to act like nothing happened. Everyone should get a credit and a formal apology. This outage was costly!

I haven't been able to access crap! It's still down for us! I'm with "For Hiro!" There is no excuse whatsoever for this. Our company will be pulling every ounce from this fraud of a servicer.

We are STILL DOWN. I'd like to know from "What do you know" how they got back up and running today. I know one thing - if Register is not up by tommorrow I too will be dropping this service like a hot potatoe!

I agree with For Hiro, it's like they never considered or planned for a worst-case scenario. It's inexcusable for a networking company to be unprepared for a network attack. Also, Register.com seems to be trying to hide the outage from its customers and that's pretty weak. It shows a company that's not well managed.

We've had lots of phone calls the last few days from unhappy customers :(

Yes, hosting is back up, but everything is moving at a a snail's pace. It's not feasible to update sites at this time. Loading a URL takes 30+ seconds. Hopefully we'll be back up soon...

my title should read, "PLandis is Right"

I need my email back, NOW! This is unbelievable!!! And How is it ...in today's day and age that there is no way to contact register about this issue??? I couldnt even figure out what was going on until I searched through google and found this site. I dont see any excuse for this in, and no notification or word as to what is going on to their customers. who RELY on the domain & email to make a living. I am BEYONF flared about this..... and i need to know who i can contact regarding...any help people?

As many of the other techies have said, there is no way to 100% protect you servers that are open to the internet at some level from attack.

Several of my companies websites have been intermittent over the last few days, and we've gotten some customer complaints.

This must be a large scale attack.

Lots of complaints about Register.com failing to have a contingency plan for this. Apparently, they're coming from people who also failed to have a contingency plan for this.

Got this from them today

Dear Simon,

Earlier today we communicated to you we were experiencing intermittent
service disruptions as a result of a distributed denial of service
(DDoS) attack – an intentionally malicious flooding of our systems
from various points across the internet.

We want to update you on where things stand.

Services have been restored for most of our customers including hosting
and email. However for some of our customers, services are not fully
restored. We know this is unacceptable.

We are using all available means to restore services to every one of
our customers and halt this criminal attack on our business and our
customers’ business. We are working round the clock to make that happen.

We are committed to updating you in as timely manner as possible,
please check your inbox or our website for additional updates.

Thank you for your patience.

Larry Kutscher
Chief Executive Officer
Register.com

Toll Free: 888-734-4783

Anonymous Coward makes a somewhat valid point, but this does not reduce the blame Register.com deserves.

Also, most Register.com customers are tiny little businesses, Register hosts more than 1 million domain names and has multi-millions in revenue. Truth is, most Register.com customers lack the technical expertise to even know they might have considered this scenario.

it seems it is planned by GoDaddy..

you know the botnets can theoretically knock decent sized countries offline, just because you move your stuff somewhere else doesn't mean it's safe.

After 5 hours of no email's...it is finally working.

"F" register.com for their many mistakes.

1. Not inoculating itself for better protection.
2. Not offering better communication to its customers. You would think they would have performed better on Twitter other than their "thank you for your patience" attitude.
3. Better customer phone support when you called in to see what the "F" was going on. Reps were clueless....or acting like they were?

Screw them...register.com is history with our company. Their crisis management team flunked big time with us.

All those that say it's not their fault are simply "whistling by the graveyard".

Keep whistling while you lose more business!

Cyberspace 9/11 is here, by Kirby Sommers

Cyberspace 9/11 is here. A trojan worm similar to the planes that crashed into the Twin Towers on September 11, 1999 are causing havoc to companies such as Time Warner Cable, Register.com and UltraDNS owned by Neustar and to millions of their customers throughout the United States and Europe.

Time Warner Cable’s director of digital communications said it’s DNS servers have been targeted by “denial of service” attacks for seven days commencing on February 19. DNS servers matches easy to remember web addresses to corresponding numbers and without these translations working, web browsers are unable to find their destinations.

UltraDNS the Reston, VA company had serious DOS attacks on April 2 and acknowledged in a statement that same day: “Early this morning, our monitoring systems detected a significant denial of service attack, which affected a small subset of our customers, in some cases for as long as a few hours.” Customers affected included Amazon, com, Oracle, Juniper, Diamond,com, Salesforce.com, Advertising.com and Petco.com.

Anyone trying to reach those websites and others impacted by this attack received error notices like “page cannot be displayed”.

Although both Time Warner Cable and UltraDNS claim to have the problem under control, Register.com is in its third day with no end in sight. Larry Kutscher, CEO of Register.com said: “unnamed persons all over the world are trying to attack us. Every time we get it under control, it morphs into another attack. It’s morphed at least three to four times. It keeps changing direction.”

Steven Weiss, the CTO of the Carlton Group in New York City insists we’re under federal attack. “We have no way to stop it. Why is no news organization documenting this? Where is the Federal CTO. Where is he? Where is Homeland security? This is a serious problem. I don’t feel comfortable. We’re under attack and no one is doing anything. Just like the beginning of the banking problems. It was swept under the rug for a long time. They’re going to keep it quiet until they’re pushed against the wall.”

Valerie Hardin of Ripple Effect Communications a public relations firm whose offices are in Boston and who is a Register.com customer exclaimed: “For a PR firm we don’t even have a website. Some of our large clients are big public companies. We just lost a client who was supposed to have paid us a $74,000 retainer. And that’s just for one year. We lost that money because of what’s happening with Register.com. Losses are going to be huge.”

And, I’d be remiss if I didn’t mention that my own businesses are also in big trouble as a result of Register.com’s problems. Both KirbySommers.com where I offer renters in New York City landlord data in order to save them broker fees and MovieStub.net where I save movie goers money by selling discount movie tickets are both casualties of this killer attack. My credibility as a businesswoman has been put on the line because no one has been able to access my websites for three days. I can’t even get into my mail.

I brought up the financial loses I incurred with Kutscher who replied by stating: “My main focus is on getting back up.” For a company that prides itself on being the first online service business to receive the J.D. Power & Associates Call Service Certification, I’d say Mr. Kutscher’s response lacked service satisfaction.

Where are you FBI, CIA, FEMA and our newly elected DC Chief Technology Officer Vivek Kundra…can you hear me? We’re under attack and no one is minding the store. No one is doing anything about the internet Armageddon which has cost businesses billions of dollars. Can you hear me now or have you gotten an error message?

You can't just arrest the cow that stamepeded the herd.

REPEAL CANSPAM - Buy digital signatures for email and make micro charges.

BOTNETS infest via very respecatable looking software.

Q.Why can software use TCP services (like the port 80 open door) without the user knowing!
A.Poor design - Vista UAC was designed by children for children - it does nothing for the rest of us.

Optionally sign DNS requests. Only serve signed requests at times of high strees (attacks)

Let the ad hoc user be anonymous. The business user gets to pay for a safer service by being certificated and identifiable. Yes - You get caught with CONFICKR etc. you get to buy a new Private Key and a Certificate.

ISPs ought be able to make a little more by providing this sort of service and the CIA can save a few cents on trying to identify the perps.

Yep - my sites are down too

Do you think other companies could have done any different, register.com after talking to them and yes waiting on hold, I got an employee that was obviously having a hard day. I think she was about to try, she said a few employees have worked 24 hours. She also said they did have preventative measures.

Just wait, other registrars get hit, the government got hit but a DDoS attack.

Now after understanding it, I fully believe it was another registrar pulling a low blow, my anger is at the attackers.

Good job Register.com, keep going, I hope you all get some sleep soon.

PS I did also lose money but I will look at insurance to cover my losses if I can, not whine to a victim of an attack they DID try to prevent.

Joe....the responses NOW being taken by register.com should have been done way before this happened.

There's no excuse for poor communication to this problem.

There's no excuse for not being better prepared for an attack...as they are now.

Your empathy for their situation is sweet but several small businesses were hurt last week....and register.com did little to communicate what the F was going on..until it was too late.

Now they are all over the communication issue....a few days too late.

Our company makes mistakes too but it's how we handle them with the customer that results in a positive/negative satisfaction with our business.

As a customer of register.com....communication was horrible and too late.

Mark

You just don't get it. The 'net is a huge interconnected mess. And while it's massive and can send huge amounts of data - its like the highway system. Once in a while when the big game lets out, the traffic stops because it overloads.

These botnets have the ability to focus traffic anywhere they choose. And when they do, that area of the net - not matter how large, well engineered or redundant WILL overload.

Now if I were with register.com - I'd move. They obviously pissed off the wrong people. But it's not a question of them having a good DR plan or not. It's a matter that if someone with a control over a botnet wants to blast you off the net, they probably can. Welcome to 2009 on the net.

Since you don't own the net, and you don't control it - why would you make your business dependant on it? That's lack of DR and business continuity planning on your part!

Register.com is not the only one targeted by attackers lol Look it up.

And to my knowledge the only company that has ever sucessfully fended off a dos attack was microsoft

"So my question is this: why are a bunch of high-skill virus writers show boating like this, rather than trying to sell fake anti-virus software to old people? Weird to spend all this effort w no profit motive" ....."3rd Day" ....posted by : Sam, 03 April 2009

Sam,

You may like to consider that such petty inconsiderations as you have suggested are of no interest to high-skill virulent and virile binary medicine writers whenever BetaTesting of Virtual Levers/Digital Clubs XXXXytaOrdinarily Renders them Absolutely Fabulous Immaculate Control of Power in TelePortation Cloud Protocols.

And Yes, you can fully expect IT to be one of those SP00Key CyberIntelAIgent Operations/AIR&dDs from Levels/Depths of a much more Sophisticated Universal Intelligence than would normally be Exercised by Man ......... which, as all too often is so undeniably proven to be at the Sub-Prime Intelligence Levels of the Moronic Savage hell bent on displaying the Idiocy of Self-Destruction ....... Systemic and Endemic Madness with their Psychopathetic Follies of the Feeding Frenzy being Mirrored in the Parallel of Personal and Business [Corporal and Corporate] Greed ....... for whenever too much of anything is laid to waste in a world of plenty with all born with nothing, is there always a Dire Straits Problem and a Clear and Present Mortal/Immortal Danger for Those who would Openy Conspire to have and control so much for themselves ..... and thus would they be individually known and be shown to the Moronic Savage to Both Server to Enlighten and Give Good Course and Direction for the Systemic Source Self-Destruction of their Idiocy and Endemic Rage .......in AI Programmed Madness and Badness.

"Weird to spend all this effort with no profit motive" ...... Cloudy Controls are into wholesale Capital and Sovereign Wealth Transfers/Virtual Securitisations, Sam, 42 Server and Protect them from Bankers and Banking into Criminal Frauds and Conspiracies to Rule Over and Control Good Governments and Visionary Leaderships with the Restriction of Flow of Currency with the Twin Ponzi Tower Creations of Debt and Credit.

" Money is like water, block its flow and it will stagnate." ... " We have to make history and approach the future with steady steps, not wait for the future to come to us." .... are Words of Infinite Universal Olde Wisdom and from a Fluid Store and Natural Spring of such Sparkling Jewels, too.

"And to my knowledge the only company that has ever sucessfully fended off a dos attack was microsoft" .... "Dos attack at godaddy March 12th"
posted by : Amanda, 05 April 2009.

Such lessons learned would be valuable for an attack, Amanda.

OPEN LETTER TO LARRY KUTSCHER, CEO OF REGISTER.COM

Larry,

While waiting to hear from you, I have discovered the following:

1. Register.com advertises on all of my parked domains, as well as everyone else’s domains. I was never told you would be doing this, I never consented to it, and to date I have not received ONE DIME from your use of MY REGISTERED DOMAINS.

2. I have also just discovered that Register.com is advertising on my PRIVATE domains where I pay your company EXTRA!! Again you are doing this without ever disclosing this fact to me, and to other customers.

In addition to accepting advertising revenue on my PRIVATE Who is information Register.com has LINKS to your services!! This is one of them:

http://www.register.com/titan/promo/interactive_guide.rcmx?trkID=EMA1qyRVwW

While researching customer complaints, I came across issues regarding automatic billing problems with Register.com, which appear to fall under fraud and deceptive business practices.

In fact, all of the above falls under fraudulent and deceptive business practices.

I ask you to either: begin compensation at once for all monies generated from the use of my domains, or to cease and desist immediately from using my domains as free advertising for register.com and from selling advertising space on my domains!

Furthermore, the loss of service that occurred last week has brought to light the painful reality that Register.com is not being truthful in your advertising campaigns. Your apparent lack of concern about the domino effect your Denial of Service (DOS) attack had on my business is an eye opener. I used to own two stores in NYC and if anything happened to anyone on my premises I was responsible.

I believe Register.com should be responsible to its customers for anything that happens to our online storefronts when something happens to you.

To see that you are doing nothing, saying nothing, and only attempting to save your own business by offering new customers financial incentives is insulting to the very people who have contributed to the success of Register.com.

I anticipate all the issues I have brought to your attention be resolved immediately. Please note I am sending this email as an OPEN LETTER that I am making available to other Register.com customers.

Yours truly,

Kirby Sommers

i saw on another blog post, some guy named Eric mentioned www.dnsreviews.com. this site has some pretty good information regarding some of the top dns providers out there. sounds like lots of you are looking to make a switch of your DNS, this is a good starting point. lots of good writeups on the companies and some reviews as well.

Today, www.register.com is again not reachable for hours (days?), as aren't any of the register.com subdomains. It seems that most DNS servers are, however, still active. Is it either a matter of time they'll go down too? Time for another registrar?