Distribute.IT attack

[FirstPageResults]

Surpised this hasn't come up here in the last few days, as I know there are some here who would have been directly affected.

On Saturday Distribute.IT was hit by a targeted attacked which crippled their network causing domain registry access and web hosting services to go offline. Obviously the means reseller's are hit aswell.

If you visit their site, you see will they have installed some blogging software inplace of their regular site:

Latest update from this morning:

Engineers have this morning advised DR recovery on remaining servers, and registry services, is still progressing. Data recovery takes a long time to complete, check and then restore, especially given there are a few servers involved in this instance. It is also not possible to give a definitive ETA on any of the servers whilst this phase is underway.

Next update in 6 hours, or on restoration if sooner.

This message appeared on the homepage the other day:

OWNED BY EVIL AT EFNET YOU MOTHER flappERS NEED TO GET A CLUE BEFORE YOU RUN A BUSINESS YOUR SECURITY IS HORRIBLE !!!!! THE ONE AND ONLY EVIL AT EFNET I AM BACK MOTHER flappERS!!! The Outage the other day WAS NOT an upgrade they got HACKED and fabricated it with a lame excuse....

So there are rumours circulating that they were actually hacked twice..

http://www.crn.com.au/News/260410,distribute-it-hit-by-malicious-attack.aspx

 

[neddy]

Wow!

I know a good friend who was affected badly. Sites have been down since Saturday.


I wonder what will be the end result out of all this?

 

[iejs]

Most of my sites have been down since Sat evening and my main admin email is currently dead.

A security breach is one thing, but the complete lack of contact from DistributeIT is quite another. If I hadn't thought to check Twitter, I'd still have absolutely no idea what was going on.

 

[FirstPageResults]

Huge amount of down time.

Your friend hasn't been able to move Neddy? They seem a little cagey on the whole data recovery front, lets hope they get it all back.. but I wouldn't be holding my breath.

This is bad for a lot of people.. no website, no email, no online services etc. From an internet marketing POV, it's total disaster having your sites down for so long - no earnings and it's gets worse when googlebot comes along and your site has disappeared...

If your friend doesn't have their own backups, then I will be pulling data from Google's cache now before it's too late!

I wonder if auDA will step in for any domains that expire during this peroid?

 

[James]

Huge amount of down time.

Your friend hasn't been able to move Neddy? They seem a little cagey on the whole data recovery front, lets hope they get it all back.. but I wouldn't be holding my breath.

This is bad for a lot of people.. no website, no email, no online services etc. From an internet marketing POV, it's total disaster having your sites down for so long - no earnings and it's gets worse when googlebot comes along and your site has disappeared...

If your friend doesn't have their own backups, then I will be pulling data from Google's cache now before it's too late!

I wonder if auDA will step in for any domains that expire during this peroid?

Lets hope they 302 the site then during the down time.

 

[FirstPageResults]

Lets hope they 302 the site then during the down time.

I reckon they have bigger things to worry about! I checked a site I know is on there network and it was:

Connection timed out (110)

 

[Ben]

Distribute IT

Does anyone use Distribute It as a registrar? I've been unable to access my account for nearly a full week now as they have been hit by some sort of DOS attack.

Pretty long time to be offline, .nz has suspended all expiring domains from Distribute IT and I can only hope .au see the light and do the same.

Not a nice feeling not knowing what's expiring or been renewed etc.

Hope nobody else is in the same position.

 

[Ben]

grrr

Effecting me badly too. Just domain renewals is all I am concerned about. Waiting 5 days now, it's very frustrating.

 

[neddy]

Apparently this is still a problem?

 

[FirstPageResults]

Yep.. mainstream media has picked it up now:

http://www.smh.com.au/technology/se...es-exposed-in-hack-attack-20110617-1g6vd.html

 

[Ben]

Still down! No correspondence with customers yet, NOT ONE EMAIL. Doesn't look like they were set up very well if they lost everything.

I don't buy the "At this stage our priority is and always has been to help our clients get back online as quickly as possible…" they can't even access their .au DB to pull data on what expires and when. Seems their hosting clients are more important, which I can understand, but domains will be expiring left right and centre.

Imagine hosting and using them for domain registrations, that would really suck!

7 days now and no service, you'd think that they could work with AUDA to find an interim solution for domain resellers.

They must have really pissed someone off, maybe the wrong person!

 

[Rhythm]

Urgent Domain Renewals

For those clients & resellers requiring urgent domain name renewals for expired or expiring domains, please forward your requests via email to distributeit888@gmail.com and we will manually action these asap on your behalf.

Please only provide domains already past expiry or expiring imminently (next 24 hours or so) to ensure we can process the most critical renewals in a timely manner.

http://distributeitsupport.blogspot.com/2011/06/urgent-domain-renewals.html

 

[FirstPageResults]

Hard to believe they are still down, you'd think they would've been able to rebuild quicker than this if they had their act together in the first place.

 

[payattention]

There's a new update.. boy, I am glad I moved sites/domains from them a while back.

 

[FirstPageResults]

Wow. I guess this shows the importance of keeping your own backups periodically where ever possible.

 

[iejs]

I think I was lucky - my sites suddenly went back up on Sat evening, tho I still have some checking to do.

Totally agree with FPR - never rely on anyone else and always keep back ups (So glad I had mine, just in case!).

The reason for the attack is still the big question. That and why DistributeIT have failed to make any kind of contact with customers beyond Twitter and blog updates.

This will have lost them a lot of customers, I would think.

 

[sp@rky13]

iejs and any others. Backup your sites. They should have already been backed up, but if not back them up now and try to do it at least once a week (unless no changes are made etc). Also, if you would like to see VentraIP's official statement it's here

 

[tykota]

It's good to see that the other hosts are actually being sympathetic to both DIT and their customers.

Another company that's also getting involved:

http://www.uber.com.au/blog/2011/06/21/sos-for-distributeit-customers/

 

[Drop.com.au]

Interesting...

"auDA has given its consent to the acquisition of Distribute IT’s .au registrar accreditation and customer base by accredited registrar NetRegistry Pty Ltd."

http://www.auda.org.au/news-archive/auda-22062011/

 

[DomainNames]

Interesting...

"auDA has given its consent to the acquisition of Distribute IT’s .au registrar accreditation and customer base by accredited registrar NetRegistry Pty Ltd."

http://www.auda.org.au/news-archive/auda-22062011/

Well that should be a start for the poor victims. Whats our Federal Police doing to catch the criminals who basically burnt Distribute IT to the ground ?

They need to catch the crims and make sure it doesnt happen again.

_____________
http://www.ahtcc.gov.au/

The AHTCC is now an operational arm of the Australian Federal Police (AFP) High Tech Crime Operations (HTCO) portfolio, which was formed in March 2008.

Please visit the AFP website for relevant information that is maintained by the AFP HTCO portfolio:

http://www.afp.gov.au/