Chinese DDoS Attack Takes Down UK Domain Registrar

A DDoS attack has taken out British domain registrar 123-reg. The company, the biggest domain registrar in the United Kingdom, revealed that it had been the target of a distributed denial of service (DDoS) attack at 11 a.m. Wednesday. It said the attack meant the site may have been inaccessible to customers, and the surge of traffic could have prevented people from accessing 123-reg's status page.

"Generally our status page is updated with information of any work that is on-going, however in a DDoS situation like this customers may not be able to get to that page," the company said in a statement. "Our first port of call is to update our phone status message, Tweet and post on Facebook, which we did. During this period of time we had an influx of calls coming through to us where our phone system and team were able to inform customers of the current status."

Despite customers possibly remaining out of the loop, it sounds like 123-reg got things under control pretty quickly.

"Being the largest domain provider we are a prime target for this type of activity, and we know this type of activity is on the increase – particularly in Europe – as recent press coverage has shown," the company explained. "With that in mind, 123-reg takes the protection and monitoring of our core infrastructure very seriously. To support that we have built in redundancy within the core network and a team in place to support this. Through that team we were able to quickly respond and start making changes immediately."

Though the statement now available on 123-reg's website mentions nothing about who was responsible for the attack or where it may have originated, it seems an early statement from the company indicated that the DDoS came from China. The Register reports that 123-reg had the following statement live on its site for a short while:

"From 11:30 to 22:50 our network was undergoing a massive distributed denial of service attack from China. Due to the nature and size of this attack the firewall systems in place needed to be reconfigured to block the bad traffic and allow the good traffic through."

This statement no longer appears on 123-reg's website and the company has yet to elaborate on the mention of China, or explain why the statement was removed. We'll keep you posted!

Follow @JaneMcEntegart on Twitter.           

  • Auroram
    "China" is a very broad term. They might as well have not mentioned it at all to prevent any sort of political issues. I am interested to see how this story develops!
  • mariusmotea
    Is this a response for blocking Piratebay?
  • mayne92
    Auroram: "China" is a very broad term. They might as well have not mentioned it at all to prevent any sort of political issues. I am interested to see how this story develops!
    If it is from China then it is from China, regardless if proxies were used or not. Indeed it is a very broad term but when all that is mentioned is that the source was China - I fail to see any accusation made here unless people read into it too much.
  • If it originates from China, then just ban ALL from China. They are already banning the rest of the world.
  • Auroram
    mayne92: If it is from China then it is from China, regardless if proxies were used or not. Indeed it is a very broad term but when all that is mentioned is that the source was China - I fail to see any accusation made here unless people read into it too much.
    The thing is that the statement was there at first, and was later removed. There was probably good reason for that, or they wouldn't have done so. I'd like to know what that reason was. That's showing interest, not some sort of paranoia. :)
  • stingstang
    Auroram: The thing is that the statement was there at first, and was later removed. There was probably good reason for that, or they wouldn't have done so. I'd like to know what that reason was. That's showing interest, not some sort of paranoia.
    I'd say it was removed, because there was no longer a reason to have it up, not because it was stepping on someone's toes.
  • freggo
    They should have targeted 1and1.com instead.
    They are one of the worst registrars out there stealing domains and blackmailing users by taking domains hostage.
  • soundping
    C7: DDos attack with Egg Roll and Sweet & Sour Sauce.
  • eddieroolz
    Auroram: "China" is a very broad term. They might as well have not mentioned it at all to prevent any sort of political issues. I am interested to see how this story develops!
    This comment just seems to be in denial. China refers to the mainland and a few periphery islands known as the PRC. We all know this.
  • TeraMedia
    @eddieroolz: I think Auroram was trying to say that it could be interpreted a few different ways:
    1) Chinese gov't sponsored DDoS
    2) DDoS originating from computers located in China geographically, and conducted by private Chinese individuals and/or businesses
    3) DDoS originating from computers located in China, but only because they are infected with botnet software (being pirated copies of Windows, this is a distinct possibility), and orchestrated by individuals and/or entities located elsewhere.

    Those are three very different interpretations of "China", with radically different political and social implications.