Sep 11 2012
As if to underscore our collective vulnerability, many of us lost access to our websites and our email accounts yesterday. Some reports stated it was a DOS (denial of service) attack, while Godaddy insists it was an internal issue that brought their site, and their client sites and email, down for as much as five hours.
For those of you who aren’t familiar with Godaddy, it’s a domain registrar, web hosting and email hosting company. If you decide to start your own website, such as “mywebsite.com”, you would first need to go online to a company that can help you create and REGISTER a domain name, or even an entire site. The domain name is the blurb you see in front of the .com, .net., .org, and so on, on a web address. Imagine Godaddy is the DMV of domains. Just as you go to the Department of Motor Vehicles to get your license plates, you would need a company like Godaddy to register your domain. No two license plates can be the same, just as no two domains can be the same. If someone else already registered “worldpeace.com”, you won’t be able to register it for yourself. It’s the same with personalized license plates. If someone has already claimed a license plate you wanted, (like “iluvmom”) you’re out of luck.
These days, finding a suitable, original domain name is no easy task. Most straightforward domains ending in “.com” have been taken. I read somewhere that almost every word in the dictionary has been claimed as a “.com” by someone, somewhere. That’s quite astonishing. New businesses have had to revert to registering longer, more complicated domains (like whathappenedtothephone.com), choose domains that end in less common suffixes (such as .ca, .info or .biz), invent new words for their companies, or pay small ransoms to purchase the domain names they want from other companies or “cyber-squatters”. The latter are folks who beat everyone else to the punch, and registered names like realestate.com, or lawyer.com, or inventions.com LONG before anyone thought of it. Some domain names have made people very wealthy. The average price for a domain name these days is around $10,000. Yet some companies have shelled out well over $1 million for a dot com domain. Rumor has it Apple paid $4.5 million for the icloud.com domain.
What does all that have to do with the outage at Godaddy? It’s simple. Back in the internet Gold Rush days, Godaddy shot to fame by offering discount domain registrations, and registrations in bulk. People were buying up 10, 20, even 100 domains at a time, registering everything they could think of as companies popped up overnight to take advantage of the “dot com” phenomenon. Before Godaddy, registering ONE domain could cost an average of $75 a year with a company like Network Solutions. Once Godaddy got into the act, and started lowering prices, domains could be had for $10 a year or less! It was huge. News reports told of vast fortunes made for owning exclusive rights to certain domains. And everyone wanted to get into the act. It was a virtual land grab of the Industrial Era, and much money was made and lost.
Godaddy quickly became a leader in domain registration (as well as other services), and when it came to refering someone to a company for registering a domain, Godaddy seemed the natural choice. With so many domains registered through Godaddy then, an outage would affect millions. And that’s exactly what it did. Sites around the world went off-line – or more accurately, were blinded by the high influx of traffic to the registrar. The system was simply overwhelmed.
How does this happen? It’s really not that hard to do. Think of your website, or any website, as a storefront with one set of doors. If someone decides to disrupt your business, all he or she has to do is send several thousand people to your doorway at once. If you find 3,000 people trying to enter your store at the same time, and you soon discover they have no intention of shopping, this is clearly not good news. In effect, the crowd prevents your real customers from gaining access. No one can get in, or out. Now imagine some hacker enslaving potentially thousands, perhaps tens of thousands of computers around the globe (unbeknownst to the actual owners of such computers), with some spyware. At a given time, this software could suddenly kick in, and start “calling” a pre-determined website (such as Godaddy.com). With that kind of assault, servers are quickly overwhelmed, and they shut down. This is the “denial of service” scenario. Techs then scramble to create a “new door” for traffic, but that can take hours, if not days. It all depends on how sophisticated the attack is. Is it a one time attack, or did this enemy plan it in waves, using different sources each time?
Since Godaddy is one of the largest, if not the largest domain registrar (a service that sells and maintains domain names), taking down its site can make those domain names (and there are millions of them) temporarily inaccessible. Even if the websites behind those domains are hosted elsewhere, and not with Godaddy, a crash of Godaddy’s servers would render the domains “blind” – unable to route internet traffic to the proper hosts. In short, by crashing Godaddy, the attacker removed all the street signs that internet traffic would normally use to find corresponding websites, or email server sites.
Let me state that Godaddy insists it was NOT a denial-of-service attack. They say it was an internal error having to do with their router data tables.
According to Steven J Vaughan-Nichols of ZDNET.com, Godaddy’s Interim CEO Scott Wagner made the following statement:
Yesterday, GoDaddy.com and many of our customers experienced intermittent service outages starting shortly after 10 a.m. PDT. Service was fully restored by 4 p.m. PDT. The service outage was not caused by external influences. It was not a “hack” and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.
At no time was any customer data at risk or were any of our systems compromised.
Throughout our history, we have provided 99.999% uptime in our DNS infrastructure. This is the level our customers expect from us and the level we expect of ourselves. We have let our customers down and we know it.
There really isn’t much one can do about an outage like this, as a customer. You might have several different email addresses, on different servers and domains, so that you’d still be able to communicate if one of those services were taken down. We reverted to our .mac accounts while our regular domain email was out. Texting is also a very handy tool, as we used that to alert many of our clients of the news regarding the Godaddy outage.
With the most recent turn of events, I am motivated to take Godaddy to task on another issue entirely – that of email reliability when tied in to the Apple Mail client. In a previous post, over two years ago, I indicated how simple it is to create one’s own domain. I stated that having one’s own domain made management of email simple, and perhaps even more secure – and we recommended Godaddy as an economical provider of such services. Sadly, we have to revoke that recommendation. We revoke it not because of the outage we all experienced yesterday, but rather because the quality of their email services has declined dramatically this past year. We discovered it was unreliable. Emails were disappearing from the server for no apparent reason. This happened not only to our accounts, but to client accounts as well. Clients we had helped establish Godaddy email had increasing difficulty with their email accounts – specifically when used with the Apple Mail program. Many, many, MANY calls to tech support later ended in the declaration that the problem “must be an Apple issue. Ask them. ”
Entourage, the Microsoft product packaged with Office 2004, and 2008, seemed to work well with the Godaddy mail servers. But now that Entourage has been discontinued, and is no longer supported on operating systems above 10.6.x, that solution is obsolete. And no, we don’t like Outlook for Mac 2011. With the iOS coming into its own, it’s time to move to the Apple Mail client. (A mail client is a program that manages your incoming, stored, and outgoing email for you. Examples are Apple Mail – the stamp, Entourage, Outlook, Thunderbird and Eudora. Note that some of these are now also obsolete.)
There are many other options available out there for email hosting. (Email hosting means a service that will rent you space on its servers (Big Computers) to house and manage your email. The concept is similar to renting a post office mailbox near you. Examples are Godaddy, Network Solutions, Rackpace, Gmail, etc). Gmail is a free one, but there are many others. In light of our experience this past year then, we recommend shopping around. As we have seen this week, putting all your eggs in one basket (registrar, email host, website host) can be hazardous. While we actually like the value Godaddy offers in domain registration, and even some hosting plans, we are much less fond of their email system. In our experience, it has grown unreliable. Repeated attempts to find solutions with their tech support proved fruitless. One Godaddy rep defended the difficulties we were having by saying “Hey, you get what you pay for”. I kid you NOT.
In our opinion, after many years of working with Godaddy, it was time to move on. Your mileage may vary of course, but we were up for finding Mac-friendlier pastures. We’ve since pulled our email accounts and moved them to another host, and urged our clients to do the same. There are folks who are perfectly happy with Godaddy’s services and value. More power to them. We haven’t lost a single email since we left, nor do we get those pesky SMTP server errors anymore when trying to send out an email. We’ve concluded that the Apple Mail client and Godaddy’s servers aren’t meant to go together, and that’s that. After the move, our email problems evaporated – that is, until yesterday. Our domains are still registered with Godaddy, and the outage brought everything down for us too. Moving registrars will be our next project. We will say that Godaddy did manage to bring things back up relatively quickly yesterday, considering the scale of the problem. For that, we’re grateful.