UK web hosting provider 123-reg has confirmed reports of a DDoS attack aimed at one customer that impacted other customers on its shared hosting platform.
The DDoS attack happened sometime on Wednesday, and while 123-reg said it didn’t knock any sites offline, some customer sites did experience slower than normal loading times.
123-reg is part of Host Europe Group, and hosts more than 1.4 million websites. The company did not disclose how many customers were impacted by the DDoS attack.
The following is a statement emailed to the WHIR from 123-reg which describes the DDoS attack on its customer:
“123-reg experienced a DDoS attack targeted against one particular customer domain. It was a sustained attack which we monitored closely over the course of several hours. The attack itself was from over 800 different IP addresses globally.
This resulted in denigrated service to our hosting platform, meaning some customer sites were running slower, but no sites were taken offline as a result of this attack.
Customer impact measured in terms of support queries was minimal – and likewise our social platforms saw a handful of comments – all of which we are being addressed on a one to one basis via our support teams.”
There is no notice of the DDoS attack on 123-reg’s system status page in its online support center. 123-reg also didn’t address its social communities with a general status update or notice of a DDoS attack, which some customers were not happy with.
“You would think they would put a message on [Facebook], some of us have a business to run,” one 123-reg customer commented.
Transparency is really important when dealing with security issues or downtime, as it establishes trust with customers. Communication can really smooth over a situation with customers, or it can turn a bad situation to worse. Even if an issue doesn’t affect the majority of customers, it is still in a provider’s best interest to be as transparent as possible.