DreamHost was hit with a powerful and sustained distributed denial of service (DDoS) attack on Thursday afternoon (24 August) after briefly hosting a new edition of the neo-Nazi website Daily Stormer. DDoS attacks are designed to flood a targeted server with a deluge of fake traffic in an attempt to slow it down or knock it offline.
Home to more than 1.5 million websites, the popular Los Angeles-based web hosting provider reported via Twitter: "Our Admins are currently investigating connectivity issues which indicate an issue related to our [Domain] name servers." The company later confirmed that its engineers identified the cause of the DNS degradation as a DDoS attack.
"We are beginning to mitigate the attack and will update this post as new information becomes available."
The attack came after DreamHost was listed as the host for PunishedStormer, the new web address of The Daily Stormer. The controversial white supremacist website was booted and denied by several web hosting companies last week following its response to the deadly violence in Charlottesville, Virginia. The site published a defamatory article calling Heather Heyer, a 32-year-old legal assistant who was killed in the violent "Unite the Right" rally, a "fat, childless... slut."
Multiple tech firms including GoDaddy, Zoho and Google refused to host the website and accused it of violating their terms of service, forcing it to turn to the dark web.
On Thursday, the site popped up online under a new domain, PunishedStormer, that was hosted by DreamHost. Within hours, unknown attackers launched a DDoS attack targeting DreamHost's domain name servers.
The cyberattack also disrupted other customers' service, with many taking to social media to blame DreamHost and The Daily Stormer for the disruption.
In a statement to Ars Technica, DreamHost said it evicted The Daily Stormer as a client after discovering that the site had signed up for a domain using DreamHost's automated signup form.
"The Daily Stormer was once a customer of ours - many years ago. We did ask them to take their business elsewhere, again many years ago, as a result of a Terms of Service violation," the company told Ars. "Unbeknownst to us, they signed up for domain service with us again yesterday for a domain name that was similar to dailystormer.com.
"The site owner took advantage of our automated signup form to register a domain name and once again become a DreamHost customer. This activity is specifically forbidden in our Terms of Service.
"The opening of multiple accounts or service plans in order to bypass any restrictions or overage charges set forth by DreamHost is grounds for termination of all services. That alone was reason enough for us to disable this account, and we did so today."
DreamHost also addressed the DDoS attack launched by "determined internet vigilantes" who, it said, did not wait for the company to take action itself.
"We were ultimately able to declaw that attack, but the end result was that most of our customers experienced intermittent connectivity issues to their sites today. Services have been fully restored across DreamHost," the firm said. At the time of writing, DreamHost's services were completely restored and fully operational.
The attack also came after a DC court ordered DreamHost, which hosts the anti-Trump protest site Disruptj20.org, to comply with the Justice Department's request to turn over the logs of all 1.3 million visitors to the site.
The site in question was used to coordinate the protests in Washington DC on 20 January, the day of President Donald Trump's inauguration. DreamHost, with the help of the Electronic Frontier Foundation (EFF), refused the request, arguing that it was unconstitutionally broad, and called it "investigatory overreach." The Justice Department has since narrowed its request.
DreamHost said in a blog post: "The de-scoping of the original warrant, combined with the court's additional restrictions on the use of, and access to, that data, is a clear victory for user privacy."