Network Solutions Customer Site Compromises and DDoS
Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This was reported to be a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack. It is possible that the DDoS attacks are related.
According to isitdownrightnow.com, the Network Solutions site has been having issues for at least the last 24 hours.
Initially, Network Solutions reported that:
However, in the comments it was made clear that Network Solutions decided to temporarily remove this thread from their Facebook page so that customers affected by the DDoS could more easily find relevant information. Multiple reports on the July 16, 2013 Facebook thread appear to indicate that customer DNS records were corrupted before the DDoS-induced outage. As a result of the DDoS attack, any customers who were compromised previously may not be able to repair their domain name infrastructure until the DDoS is mitigated.
The Cisco TRAC team is continuing to monitor the situation for further developments.
Special thanks to Jaeson Schultz for his help with this post.