X

Namecheap targeted in monumental DDoS attack

The service known for hosting millions of Web sites is the victim of a cyberattack that knocked out connections for domains around the world.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
See full bio
Dara Kerr
2 min read
The Web-hosting service Namecheap was hit with what it says was one the largest distributed-denial-of-service attacks "anyone has seen or dealt with."

On Thursday morning roughly 300 domain names hosted by Namecheap were targeted in a DDoS attack -- a common hacker tactic that causes sites or servers to be bombarded with illegitimate traffic. The massive attack likely caused wide-spread connectivity issues among the hundreds of thousands of other domain names using Namecheap's DNS platform.

"Today is one of the days that, as a service provider who strives to deliver excellence day in and day out, you wish you never had," Namecheap CEO Richard Kirkendall and Vice President Matt Russell wrote in a company blog post.

Kirkendall and Russell said they're constantly battling DDoS attacks and almost always can keep them at bay. However, Thursday's attack was too massive to contain.

"The sheer size of the attack overwhelmed many of our DNS servers, resulting in inaccessibility and sluggish performance," Kirkendall and Russell wrote. "Our initial estimates show the attack size to be over 100Gbps, making this one of the largest attacks anyone has seen or dealt with. And this is a new type of attack, one that we and our hardware and network partners had not encountered before."

Just last week, a record-breaking DDoS attack against a CloudFlare customer was reported. At its peak, this attack reached more than 400Gbps, which is 33 percent greater than the previous record-holding attack against Spamhaus last year.

Namecheap rose in popularity in 2011 when it promoted a "move your domain" day in protest of its rival GoDaddy supporting the US government's SOPA copyright bill. In the face of the protests, GoDaddy withdrew its support for the bill.

In 2009, GoDaddy itself was the victim of a DDoS attack. During this hack, several thousand Web sites went dark for several hours. Blog hosting service WordPress has also been hit with DDoS attacks. In 2011, the service experienced a massive attack that brought connectivity issues to millions of blogs.

As for Namecheap, Kirkendall and Russell said the attack is now under control and 99 percent of their servers are back to normal. No individual or group has yet claimed responsibility for Thursday's attack.

Updated at 5:55 p.m. PT to clarify the number of domains affected by the DDoS attack.