Namecheap is Hit by a Massive DDOS Attack

Hacked

Namecheap is one of the big domain registrar and Web Hosting company based in Los Angeles, California. It’s one of company which makes it possible to type domain name (ex. www.google.com) instead of IP’s address (74.125.236.160). On Thursday, it was hit by a massive Distributed Denial of Service DDOS attack anyone has seen or dealt by anybody. The attack involved of about 100 GBPS of traffic driven towards Namecheap servers. As per company, “it was a new type of attack”. Due to DDOS attack, more than 300 websites were down or inaccessible. The attack was mainly on Domain Name System (DNS) servers.

Hackers, usually perform DDOS attack to target specific companies to disrupt customer’s point of view about it or to downgrade company’s reputation. DDOS attack has affected domain name resolving, Email forwarding, URL’s, domain host record updates etc. The company is constantly trying hard to tackle with huge attack.

Below mentioned is official update from Richard Kirkendall (CEO) and Matt  Russell (VP):

Today is one of the days that as a service provider who strives to deliver excellence day in and day out, you wish you never had. At around 15.55 GMT / 11.55 EST, a huge DDoS attack started against 300 or so domains on our DNS platform. Our DNS platform is a redundant, global platform spread across 3 continents and 5 countries that handles the DNS for many of our customers. This is a platform meticulously maintained and ran, and a platform that successfully fends off other DDoS attacks on an almost-daily basis. Today, however, I am compelled to announce that we struggled. The sheer size of the attack overwhelmed many of our DNS servers resulting in inaccessibility and sluggish performance. Our initial estimates show the attack size to be over 100Gbps; making this one of the largest attacks anyone has seen or dealt with. And this is a new type of attack, one that we and our hardware and network partners had not encountered before. We responded with our well-practiced mitigation plan while also enabling our backup system for those with affected domains. It took us around 3 hours to fully mitigate the attack, working closely with our hardware and network vendors. At this moment in time, 99% of our services are back to normal. I’d like to take this time to apologize to those customers affected. I also wish to iterate that we will learn from this attack and come back stronger, and more robust. We are bringing forward a key DNS infrastructure enhancement program that will see us massively expand the size of our DNS infrastructure and our ability to absorb and fend off attacks like these. We remain firmly committed to delivering the absolute best service possible to our loyal customers.

Richard Kirkendall
CEO