Complaint: registerdomain.co.za

[D-Boy]

Hi

Yesterday my website died, along with registerdomain.co.za the company, last night my site came back online again with the worst latency ever now and then, and today I can't login into ANY of my mail boxes, its asking me for a different username and password, WTF!

 

[w1z4rd]

Hi

Yesterday my website died, along with registerdomain.co.za the company, last night my site came back online again with the worst latency ever now and then, and today I can't login into ANY of my mail boxes, its asking me for a different username and password, WTF!

They are probably running everything off one cpanel server and have some clients who are infected with viruses (so the server is been hammered with spam) or some of the websites on their server are hacked ... in which case the server is been hammered because its spamming.

 

[Fulcrum29]

I have three co.za domains with them, can’t access registerdomain.co.za, but my sites are working. Anyone knowing what is going on there as I want to move the domains away?

 

[D-Boy]

I have three co.za domains with them, can’t access registerdomain.co.za, but my sites are working. Anyone knowing what is going on there as I want to move the domains away?

All my email addresses seems to be dead!, but my websites still work, woow messedup, welcome to South Africa everyone!!

 

[Domains.co.za (Wayne)]

Hi

Yesterday my website died, along with registerdomain.co.za the company, last night my site came back online again with the worst latency ever now and then, and today I can't login into ANY of my mail boxes, its asking me for a different username and password, WTF!

@D-Boy, if you need any help or would like assistance to transfer the domains elsewhere please let me know, details in signature

 

[D-Boy]

@D-Boy, if you need any help or would like assistance to transfer the domains elsewhere please let me know, details in signature

not keen, but thx anyway

I have to say, I've been hosting a server at home for 2 years now on my adsl connection (with backup connection), and I've been online more then registerdomain will ever be, and I've survived 1 small dos attack without any issue's, lol

EDIT: and don't forget about all the other rubbish that's trying to gain access to your servers, ssh,ftp brute forcers, proxy scanners ect..

 

[Tinuva]

Uh, looks like registerdomain.co.za is hosted in the JHB MTN data-center, which was experiencing problems along with a bunch of afrihost hosted servers.

Pretty certain that is the OP's problem. This is a good time to consider another host...who doesn't host their servers in the JHB MTN data-center, which has the worst reputations in the country in my opinion.

 

[D-Boy]

I've just been told by registerdomain:

A Denial of Service (DOS) attack aimed at a router within our environment during the early hours of Monday morning resulted in decreased network capacity, affecting connectivity in and out of the data centre.

My question, why and how would someone want to dos attack them???

 

[vangend]

I've just been told by registerdomain:



My question, why and how would someone want to dos attack them???

The problems at MTN Data centre started on Saturday night already.

 

[D-Boy]

I thinks that dos attack is BS!

I've been having issue's this weekend with my internet connection, I got 4 ISP's:

Axxess -adsl
Mweb -adsl
Vodacom -3g
8ta -3g

It took 8ta the longest time to recover from the problem, I didn't test axxess 24/7 ..both also on the MTN network tho

I personally think some idiot messed up at MTN, and now they want to blame it on a dos attack, unless they dos attacked themselves, because now one can bring down a 10gig pipe just like that, no one said ddos attack... but still same applies, who wants to bring it down anyway???

Our upstream provider has identified the source of the attack, all traffic to the destination is being neutralised and traffic is starting to normalise to the data centre.

 

[Tinuva]

I've just been told by registerdomain:

A Denial of Service (DOS) attack aimed at a router within our environment during the early hours of Monday morning resulted in decreased network capacity, affecting connectivity in and out of the data centre.

My question, why and how would someone want to dos attack them???

To be honest, nowadays kids DoS attack anything and everything. It takes the simplest thing of things and they send of a script to screw over a tiny server.

That said, the fact that a DoS attack affects the data center for that long...speak mountains of their automated DoS attack mitigation systems...non-existent and needs manual intervention. Not the best setup IMHO.

ps. You would be surprised how much traffic a simple DoS attack can generate given the correct circumstances nowadays.

 

[D-Boy]

they send of a script

To were?? ...bs ..not that easy, but for a individual ..easy to go dos attack a router, but goodluck with anyone with a 0.80meg upload speed, its going to do nothing to the router, and that's the max speed a 10meg adsl line have ever gave me.

you'll need 13107200 attackers with a 10meg adsl connection to make a 10gig connection congested, and that's not going to happen in South Africa, according to my research, it was a "local attack" = MTN Idiot

10240 (pipe) / 0.00078125 (per attacker)

tiny server.

with a 10gig pipe, I don't think it such a tiny router/server.

tengigabitethernet5-2.hr15.jnb6.za.mtnbusiness.net ,in my trace route, that stopped me from reaching my stuff.

I might be wrong about the attack or MTN idiot, but that's what I believe...

 

[Tinuva]

To were?? ...bs ..not that easy, but for a individual ..easy to go dos attack a router, but goodluck with anyone with a 0.80meg upload speed, its going to do nothing to the router, and that's the max speed a 10meg adsl line have ever gave me.

you'll need 13107200 attackers with a 10meg adsl connection to make a 10gig connection congested, and that's not going to happen in South Africa, according to my research, it was a "local attack" = MTN Idiot

10240 (pipe) / 0.00078125 (per attacker)



with a 10gig pipe, I don't think it such a tiny router/server.

tengigabitethernet5-2.hr15.jnb6.za.mtnbusiness.net ,in my trace route, that stopped me from reaching my stuff.

I might be wrong about the attack or MTN idiot, but that's what I believe...

Don't be ignorant now. Script kiddies don't use their own South African DSL line. You will be surprised to what kind of connections people have access to, even shock horror South Africans.

First, the router in front of that server may have 10Gb interfaces, but that is not to say those interfaces actually run at that speed, they may very well run at a lower speed.
Second, the server itself at best is on a 1Gb port, and that is if it is even allowed to make full use of all 1000Mbits.
Third, you can crash a webserver application with less than 1Mbit/sec if you know the correct vulnerabilities of said server and it hasn't been patched against it yet.

In closing, there are so many possibilities it aint even funny. I am a sysadmin and network engineer dealing with these on a regular enough basis that I know, its much simpler than you make it out to be.

 

[D-Boy]

I am a sysadmin and network engineer

same here buddy, but I still think that dos attack is bs, I think something got messed up by a idiot

you can crash a webserver application with less than 1Mbit/sec if you know the correct vulnerabilities of said server and it hasn't been patched against it yet.

true story, but it wasn't a web server

A Denial of Service (DOS) attack aimed at a router within our environment during the early hours of Monday morning resulted in decreased network capacity, affecting connectivity in and out of the data centre.

I can't even bring down a RB750 (400mhz) with a 100meg connection, if you dos the hell out of it, just the CPU goes 100% and that's about it, it still operates fine

 

[Murmaider]

you'll need 13107200 attackers with a 10meg adsl connection to make a 10gig connection congested, and that's not going to happen in South Africa, according to my research, it was a "local attack" = MTN Idiot

10240 (pipe) / 0.00078125 (per attacker)

with a 10gig pipe, I don't think it such a tiny router/server.

tengigabitethernet5-2.hr15.jnb6.za.mtnbusiness.net ,in my trace route, that stopped me from reaching my stuff.

I might be wrong about the attack or MTN idiot, but that's what I believe...

Your logic is a bit wrong here. Depending on the type of DDoS attack and the connection speed of the zombie machines is what matter. For example a simple TCP flood could involve 10000 machines sending tiny TCP packets at an insane rate to the router with no intention of doing the TCP ACK handshake. The router then tries to reply to all of them and do a handshake which doesn't exist. Basically creating overhead on the router. Now that's just a simple example, there are far more sophisticated Ddos attacks.

Besides, if speed was your concern, all you would need is 100x exploited 100mbit dedicated servers or 10x servers connected to 1Gbit connections. keeping in mind that DDoS attacks can come from more than 100 000 zombie machines around the world easily.

Also you might as the question "why attack a distribution router" - simple answer is because it then brings down everything behind it.

 

[D-Boy]

Your logic is a bit wrong here. Depending on the type of DDoS attack and the connection speed of the zombie machines is what matter. For example a simple TCP flood could involve 10000 machines sending tiny TCP packets at an insane rate to the router with no intention of doing the TCP ACK handshake. The router then tries to reply to all of them and do a handshake which doesn't exist. Basically creating overhead on the router. Now that's just a simple example, there are far more sophisticated Ddos attacks.

Besides, if speed was your concern, all you would need is 100x exploited 100mbit dedicated servers or 10x servers connected to 1Gbit connections. keeping in mind that DDoS attacks can come from more than 100 000 zombie machines around the world easily.

Also you might as the question "why attack a distribution router" - simple answer is because it then brings down everything behind it.

Yea yea, we don't know the whole story behind the so called attack, I still think it was a lie to cover their a**, lol... ofcourse a group of zombie machines can hurt something real bad, but we're in south africa and broke, you might have to pay for zombie's.... and to top it of, your anti virus will go mad when it detect the virus anyway... and I'm sure big service providers have heard of ddos prevention methods and SynCookie's and tarpit ect... and even firewalls, but you never know...

 

[D-Boy]

Who knows, maybe there's a couple of ya'll who's working for MTN or registerdomain, that's trying to restore the image and trying to avoid the topic "maybe it was a cover up or a lie"..

 

[D-Boy]

my axxess(MTN Business) and 8ta(roaming MTN) connection also sucked real hard, anyone else with that problem?

local traffic were bad, international traffic had no problem, that were my internet experience yesterday, that only mean 1 thing, the "attack" came from local (impossible, unless they attack themselves with a network loop) or someone messed up that 10gig connection to router (MTN Idiot) ..damage a fibre cable, snap it, smoke it ect..

in this case, vodacom had the best performance, and second mweb :erm:

tengigabitethernet5-2.hr15.jnb6.za.mtnbusiness.net goes to registerdomain.co.za

 

[w1z4rd]

same here buddy, but I still think that dos attack is bs, I think something got messed up by a idiot

Give me your adsl IP Ill show you "bs"

 

[D-Boy]

Give me your adsl IP Ill show you "bs"

HELL NO! ..if I knew you way better and in person, then maybe..lol