White Supremacy Web Host DreamHost Experienced DDoS Attack Today

Earlier the WordPress security site WordFence reported that DreamHost servers were attacked with a DDoS attack. This attack occurred after a white supremacy group was said to be hosted on their servers. DreamHost threatened to remove their site for a terms of service violation, and since then this attack occurred. It’s unclear if the attack was done by the site owners or someone else since the attack would have taken their site offline as well. An Anonymous Twitter user appears to take credit but it’s unknown if it’s a legitimate Anonymous hacker group account since they’re anonymous. 

Since the attack this morning WordFence is now reporting that DreamHost is backup but with some services in a ‘degraded state’. 

Update at 12:36pm PST: Dreamhost is reporting all services are restored and operational, although they show many services in a ‘degraded’ state. You can find out more information on their status page.

Anonymous, or whoever is behind the DDoS attack, is hurting the rest of society, by assuming they are the arbiters of which messages are acceptable, and which are not. I don’t want them thinking for me. I presume you don’t either.

See below for more details on the attack and how it was discovered and reported by WordFence:

Dreamhost is currently experiencing a DDoS attack. I am updating this post in real-time as the situation unfolds. Last update was at 10:46am PST. ~Mark Maunder

Their team posted this tweet 20 mins ago.

I’ll be posting updates here as the situation progresses. Their engineers are clearly working the problem.

You can find their status page at https://www.dreamhoststatus.com/currently, it says the following are affected:

Dedicated Servers, DreamPress 2, Remixer, Shared Hosting, Virtual Private Servers (VPS), Webmail.

Their team detected the attack at 9:20am PST and mitigation started at 10:20am PST.

Dreamhost has recently been in the news for fighting a US Department of Justice request for the IP addresses of all visitors to a website that they host.

The DDoS appears to be unrelated to the DoJ request above. It looks like it may be an Anonymous attack targeting the Dreamhost DNS to try to take a white supremacist website called ‘punishedstormer dot com’ offline. The website came online today and is hosted by Dreamhost.

What is Being Attacked

Dreamhost currently hosts an extremist website called punishedstormer. The site’s DNS is also hosted by Dreamhost. That means that if you try to access the site, your computer or device contacts Dreamhost’s servers and asks for the IP address so that it can connect.

The attackers have launched a massive amount of traffic targeting Dreamhost’s DNS servers so that the website they want to take down becomes inaccessible.

You can see the DNS servers that are being used for the target website in this screen capture:

As you can see, the servers ns1, 2 and 3 at dreamhost.com are responsible for handing out the IP address of anyone looking up punishedstormer’s address. These are being targeted, possibly along with other DNS servers at Dreamhost.
This will affect the availability of any website and domain that is using Dreamhost DNS services.

What to Do

If you host your website at DreamHost, you may not be affected by this attack if you host your DNS with another provider. If you host it with Dreamhost, it is likely that you are affected.

Unfortunately, there is not much you can do. If you move your DNS away from Dreamhost, it will take up to 48 hours for the update to propagate around the Internet. Dreamhost will probably have this situation resolved in the next few hours. So the best advice may be to sit tight until their engineers are able to filter out the DDoS traffic and bring their systems back up.

Email Also Affected

It is worth noting that if your domain’s DNS is handled by Dreamhost, then your email deliverability may be affected. Emails that are sent to you may be bounced back to the sender. If you are expecting an urgent email, we recommend that you contact the sender directly and let them know your email may be temporarily unavailable.

Once this service disruption ends, you may want to let your contact list know that your email may have been temporarily unavailable due to an attack on your email DNS hosting provider.

Update at 11:22am PST: Dreamhost is reporting that they are beginning to mitigate the attack.

Thankfully it looks like the problem was fixed on the same day, but this is a good time to make sure you check your site security and make sure your web host provider won’t become a target.

 

Related articles

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: