Yesterday (26.05.2022), deta.dev, one of our domains responsible for providing the hostnames for our Micros service, was unavailable between 18:30 - 20:15 CET/GMT+2.
The DNS resolution for our apex domain deta.dev was failing and thus all the *.deta.dev hostnames weren’t reachable. This means any content hosted on a Micro wasn’t available via its deta.dev URL.
Custom domains for Micros were not affected as they are served under the custom domain set up by the developer and not our deta.dev domain.
Other services like Deta Base, Deta Drive, Deta Space & Deta Space apps weren’t affected as they are served on separate domains.
As a free hosting provider, we get our fair share of bad actors trying to host phishing websites on our servers. Thanks to public monitoring and internal measures, we are mostly able to remove reported content without affecting our services.
On May 24, we got a phishing report from Namecheap (the registrar we use for deta.dev) which we weren’t aware of, as the email landed in Mustafa’s “Updates” Gmail folder. The email pointed to an affected Micro hosting a phishing website and threatened to suspend the affected domain (deta.dev) if no action was taken.
We then received 2 reminders, which we also missed.
Thu 26th May ~ 18:30 CET
On Thursday the 26th of May, we received an email from Namecheap informing us that the domain deta.dev was suspended, which we did not immediately see.
Thu 26th May ~ 19:00 CET
We started getting reports from our developers that their Micros’ .deta.dev domains were not responding.
Thu 26th May ~ 19:23 CET
We noticed the emails & reports. Mustafa looked up all emails from Namecheap in his inbox and found the first report. We then immediately took down the malicious content and contacted Namecheap, responding to their report ticket through their support chat. Unfortunately, their chat pointed us to their ticket system. They didn’t provide a hotline or a phone number to reach their Abuse Department.
Thu 26th May ~ 20:15 CET
We received an email from their Abuse Department that the case was resolved and that our domain was back online.
- Use a dedicated safety, security and abuse email address
- Implement more intelligence to prevent and monitor bad actors (some projects should be live soon)
- Improve our domain monitoring and alerting
- Ensure we have premium support with a phone hotline for our domain registrar and infrastructure providers