Monday, 10 September 2012
Tonight the GoDaddy servers have been hit by a simple DDoS - a distributed denial of service involving a few dozen clients or servers that fire off hundreds or even thousands of requests a second at their servers. It's a simple attack, and very effective. It's like Arnold Schwarzenegger in Kindergarten Cop, standing in the middle of the classroom and getting all those toddler questions fired off at him. The inevitable result: he breaks down.
Do I care? Hell yes - this blog is hosted at GoDaddy. I run a few websites at GoDaddy, and use their email too of course, plus a few other features and services.
My websites are up again, and so is this blog, but I don't have access to any of my email.
Whereas I already complain about bad services rendered when it comes to free or freemium services, this is one I pay for. Not dearly, but I do pay for them.
I have some experience in what it takes to take down a site, or series of sites. Basically, with a single PC and a bit of script you can single-handedly take out a server. In the old days. You just send it an HTTP connect request, a basic socket request, or if you're more evil than that, you send it a genuine request it should be able to handle. If even more evil - well let's not go there shall we?
In the new days? With the millions of sites GoDaddy is hosting? It would take a primary bottleneck to target, and even though the story goes that their DNS has been targeted (never mind), that wouldn't give the current results. Where's the pattern?
The pattern among all these is that the requester is in the same place all the time - meaning his IP address, the Web equivalent of your ZIP code and house number combination, unique in the world, stays the same.
I have been around a few P2P networks where denial of service was hot - some of these networks themselves used to be prone to easy infection and one could sit behind his PC and target thousands, even millions of other PCs, to direct requests at one and the same server or server ranges.
The effects of that? Devastating. Simply devastating. Forget Arny among one single class of kindergarten kids, this would unleash the combined kindergarten school classes of this entire planet onto him.
So, back to the P2P networks: how did they fix this problem?
The first problem, getting multiple requests from the same IP within a certain amount of seconds, was met by blocking the IP at the firewall level. A firewall is what we all have these days and is built into our modems and routers, because that has proved to be a bare necessity over time. A firewall separates your PC from the outside world, and vice versa.
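The first fix described above, as an added example that is not part of the original post: a per-IP sliding-window counter over constructed log lines that decides which addresses a firewall would block. The window, the threshold, the log format and the function names are assumptions; the second sample shows why this check alone misses a flood spread over many clients that each stay under the limit.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed window; the post only says "a certain amount of seconds"
MAX_REQUESTS = 20     # assumed per-IP threshold inside one window


def parse_line(line):
    """Parse a constructed 'epoch_seconds ip path' line into (float, str)."""
    ts, ip, _path = line.split(maxsplit=2)
    return float(ts), ip


def find_ips_to_block(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {ip: timestamp when it first exceeded `limit` requests in `window` seconds}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip = parse_line(line)
        if ip in blocked:
            continue              # firewall would already be dropping this source
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()           # expire requests older than the window
        if len(q) > limit:
            blocked[ip] = ts
            del recent[ip]
    return blocked


def constructed_single_source():
    """One client (documentation address) sending 50 requests in 5 seconds."""
    return [f"{1000 + i * 0.1:.1f} 192.0.2.10 /index.html" for i in range(50)]


def constructed_distributed():
    """200 clients, 5 requests each over 5 seconds: 1000 requests, none over the limit."""
    return [f"{1000 + r:.1f} 198.51.100.{c} /index.html"
            for r in range(5) for c in range(1, 201)]


if __name__ == "__main__":
    print(find_ips_to_block(constructed_single_source()))
    print(find_ips_to_block(constructed_distributed()))
```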
The second problem, abusing the P2P protocol to exploit multitudes of PCs and use them as slaves to simultaneously hit a target, was fixed by rewriting the server-side code as well as the clients supporting it. It took months, years even, and is not something that is feasible in the current context.
Back to reality: GoDaddy suffers from a distributed denial of service that has taken down pretty much all of their servers, if I believe the rumours currently going around the web, yet they've stabilised most of that or are still trying to. Yet, email is down for Europe - I presume. At least it is for me.
I am delayed on all my email for all my websites and accounts. Frankly, I couldn't care less if all my sites were down, they're just a first placeholder for anyone who wants to interact with me. Email? That would be the number one way to reach me, and Lawd knows many succeed in doing so - fortunately. Yes I'm easily found on the web and you can tweet at me and such, but people that sent me an email hours ago expect that to have landed in my inbox seconds after.
So, GoDaddy: I came to you attracted by your prices and services, I really love the abundance of free services you offer, even though it takes some digging here and there to find out about it, but this is the bloody limit.