BREAKING: GoDaddy’s DNS Servers Go Down, Taking Thousands of Sites With It

he just posted godaddy's python server structure code to prove he's got access :waiting:
 
faking their server info? He tweeted the directory info directly to godaddy
 
"Judging by his latest tweets, I'm starting to think he's faking. Posting source code is not Anon's typical MO and is against their typical protocol."
 
they dump entire databases into pastebin all the time
 
users commenting from reported godaddy employees say it was an attack, and not an internal problem. I know a lot of users on twitter say anonymous had nothing to do with it... the godaddy employee claims it was an attack.


As a former GoDaddy employee with a good number of current employees as friends, I can confirm that this IS NOT correct. It was a DDOS that was the issue.
Source: Network engineers who worked on mitigating the issue.

idk
 
I still think he's faking it and his association with Anonymous.

My first issue that I have is that the so called "directory" data he posted is a bunch of Python code from an open-source domain registration project from Sept 2010, and has been dead in the water since December 2010. It's been posted on Google's CodeProject since conception, and at one point I recall it being on SourceForge. Oh, and if I recall correctly the original author was Chinese by the username "ttpython" which explains the random Chinese comments. AnonymousOwn3r is Brazilian.

The SQL Injection he posted doesn't show any HTTP 200 OK successful attempts. All I see are a bunch of 302 redirect requests. Which is a defense against SQL injection, when "escape characters/phrases" are entered, the front end will catch an exception and redirect the user to another page (usually a temporary redirect to the homepage). This is a much cleaner solution to the 500 and 404 returns, as a redirect is much more friendly to a customer than a 404 or 500. That's application security and design 101. A 302 redirect means nothing more than that. Had he posted data I would be much more likely to believe it.

I'm not sure what tool he's using, but most tools (which I will not post here as I'm not going to aid any script-kiddies reading this who want to attempt to hack something) will detect a "HTTP 302 Found" as a vulnerability. That is because it has always been taught that a 302 can mean SQL Injection success if there is not a proper redirect script (i.e. redir.aspx). However, as with most technology, standards/policies change fast and redirect pages are much more common where security is of any importance (as it would be at GoDaddy) than they were 5-10 years ago.

A DDoS attack is much more believable than the data "vulnerabilities" that he is posting. Any script-kiddie can use any number of tools (once again, will not post) to do an automated DDoS attack.
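The status-code argument in the post above can be checked from the defender's side of the logs. This is an added example, not part of the original post and not GoDaddy code: it tallies response codes for requests whose parameters look like injection probes. The log lines, hosts, paths and the `SQL_META` heuristic are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined-log style; hosts and paths are hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2012:18:01:02 +0000] "GET /search.aspx?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 302 154
203.0.113.7 - - [10/Sep/2012:18:01:03 +0000] "GET /search.aspx?id=1%20UNION%20SELECT%20null-- HTTP/1.1" 302 154
203.0.113.7 - - [10/Sep/2012:18:01:04 +0000] "GET /default.aspx HTTP/1.1" 200 8121
198.51.100.9 - - [10/Sep/2012:18:02:10 +0000] "GET /search.aspx?id=42 HTTP/1.1" 200 5310
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)$')
# Crude markers of an injection probe in a decoded parameter value (assumption).
SQL_META = re.compile(r"'|--|\bunion\b.+\bselect\b", re.IGNORECASE)


def probe_status_counts(log_text):
    """Count response status codes for requests carrying probe-like parameters."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        target, status = m.group(3), int(m.group(4))
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        if any(SQL_META.search(value) for _, value in params):
            counts[status] += 1
    return counts


def verdict(counts):
    """Summarise what the status mix does and does not show."""
    if not counts:
        return "no probes seen"
    if any(200 <= s < 300 for s in counts):
        return "review: probe answered with 2xx"
    if all(300 <= s < 400 for s in counts):
        return "redirects only: no sign that data was returned"
    return "errors present: inspect application logs"


if __name__ == "__main__":
    c = probe_status_counts(SAMPLE_LOG)
    print(dict(c), "->", verdict(c))
```
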
 
no clue... just going by what others have said. Could these people be lying as well.. sure

===
Godaddy actually switched their own DNS records to VeriSign to bring their own site back up.
===

My brother in law is an SQL manager for go daddy and he stated yesterday that it was indeed a ddos...in fact it was. ..."another fun day at work..been down with ddos attack for an hour now....stupid script kiddies think ddos is hacking "
===

(I said this in another thread but it's worth mentioning here, with all the disinformation going around.)
I didn't follow the events while they occurred but my understanding is only the DNS servers were down. You could still reach servers, godaddy, etc. by IP.
The DNS servers were ******. Perhaps hacked, or perhaps ****** in other ways, but they were ******, and that's all there was to it. There was no router table corruption or network misconfiguration since they were reachable while their DNS servers were ******.
Therefore, in conclusion, their DNS servers were ****** and nothing else. They just don't want to admit that.
Addendum:
The SQL injection theory is sort of plausible since godaddy DNS was manageable through a web interface and changes were reflected immediately. Most companies have a habit of not applying secure coding practices, and no doubt their **** was kludged together by different people over the years (they grew too quick and chaotically, plus the management seems incompetent given their history and culture). I suspect foul-play, a couple of critical tables dropped that ****** DNS service, and a slow painful recovery procedure -- I imagine their DNS database probably being one of their largest amount of data pertaining to their infrastructure.
===

It was external even if it wasn't anonymous. Yesterday a co-worker and I clicked through their site and most links off of the homepage linked to the trollface with the word "Problem?" underneath it. Wish we had taken screenshots of that, cause it definitely wasn't caused by a router issue.
 
another message -

===
they were reachable by IP during their DNS outage. So the routing tables were perfectly fine, and their routers were completely operational. Proof: use BGPlay to view the history of route announcements on the Internet, select sep 10 from 00:00 to 23:00, for 208.109.0.0/22 (one of godaddy's IP ranges). As you will see, there were no route withdrawals, only reannouncements.
It was their DNS servers which were ******. It could have been hacked, it could've been a fuckup, who the **** knows, but that was the only problem they were having at the time. It just happens they are the largest registrars and so there was immense blowback by their customer base, and a lot of clueless customers that conflate complete downtime with DNS downtime.
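The route-history check described in the message above can be expressed as a replay of BGP updates. This is an added example, not part of the original post and not BGPlay's own interface: it walks a constructed update feed for 208.109.0.0/22 and reports any interval in which no peer held a route. The peer names, timestamps and record layout are assumptions.

```python
from ipaddress import ip_network

# Constructed records: (seconds_into_day, peer, "A" announce / "W" withdraw, prefix).
# Peer names are hypothetical; this feed contains re-announcements only.
UPDATES = [
    (0, "peer1", "A", "208.109.0.0/22"),
    (0, "peer2", "A", "208.109.0.0/22"),
    (3600, "peer1", "A", "208.109.0.0/22"),
    (7200, "peer2", "A", "208.109.0.0/22"),
]


def withdrawal_count(updates, prefix):
    """Number of explicit withdrawals seen for the prefix."""
    target = ip_network(prefix)
    return sum(1 for _, _, kind, pfx in updates
               if kind == "W" and ip_network(pfx) == target)


def unreachable_windows(updates, prefix, start, end):
    """Return [(from, to)] intervals in [start, end] where no peer had a route."""
    target = ip_network(prefix)
    holders = set()          # peers currently announcing the prefix
    gap_start = start        # nobody holds the route until the first announcement
    windows = []
    for ts, peer, kind, pfx in sorted(updates):
        if ip_network(pfx) != target:
            continue
        had_route = bool(holders)
        if kind == "A":
            holders.add(peer)
        elif kind == "W":
            holders.discard(peer)
        if had_route and not holders:
            gap_start = ts                       # last route just disappeared
        elif not had_route and holders:
            if ts > gap_start:
                windows.append((gap_start, ts))  # route came back
            gap_start = None
    if not holders and gap_start is not None and end > gap_start:
        windows.append((gap_start, end))
    return windows


if __name__ == "__main__":
    print(withdrawal_count(UPDATES, "208.109.0.0/22"),
          unreachable_windows(UPDATES, "208.109.0.0/22", 0, 86400))
```

An empty result with zero withdrawals matches the pattern the message describes: the prefix stayed routed, so an outage at that time has to be looked for above the routing layer.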
 