Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users

zoho.jpg

The domain of India-based software provider Zoho, one of the largest tech companies in the world, was taken offline today for around two hours after the domain registrar overstepped its attributes and took Zoho.com down following a banale phishing complaint.

The downtime resulted in nearly 30 million Zoho users being unable to access Zoho’s website, which hosts a boatload of web-based office tools, such as word processing, spreadsheets, presentations, databases, note-taking, wikis, web conferencing, customer relationship management (CRM), project management, and invoicing applications.

Following the unexpected takedown, Zoho’s IT team said on Twitter that it failed to resolve the issue with the customer support staff of TierraNet, the registrar hosting Zoho’s main domain.

Zoho representatives said the TierraNet staff proved unbending in regards to its decision to suspend the Zoho domain. The reason TierraNet gave out was that Zoho failed to resolve issues “after repeated contact requesting them to take action against phishing emails.”

According to TierraNet employees, the domain registrar had received repeated complaints that crooks were using Zoho’s Mail service –and indirectly the Zoho.com domain– to send out phishing emails.

This is no surprise as most email providers, large and small, are abused on a daily basis. But in all cases, these issues are left to abuse departments of email providers. Domain registrars are rarely called upon to intervene, and usually in the case of domains associated with smaller sites, not for Forbes 100 companies.

Also: Google secretly logs users into Chrome whenever they log into a Google site

The sudden death of the domain of a multi-million dollar business cause panic at Zoho’s offices.

Both staff and CEO Sridhar Vembu took to Twitter to explain the issue to customers and request urgent help in getting in contact with TierraNet’s executives regarding the takedown.

Vembu also explained that the entire takedown was ludicrous at best, revealing that Zoho’s staff usually handles all phishing-related reports in-house, suspending accounts when it receives any complaints.

Furthermore, he also revealed that the entire domain takedown was unnecessary on TierraNet’s part.

“There were a total of 3 complaints in 2 months and we took action on 2 of them immediately and one is pending investigation,” the Zoho exec tweeted.

“We run services for tens of millions of users. We receive complaints ourselves and take action. Complaints at a domain registrar level is very rare and this action by them is totally unacceptable when we are the ones with the responsibility,” he later added.

CNET: Google Chrome pushes the web toward HTTPS

The issue was eventually resolved later in the day, but the damage was done, as a large chunk of Zoho’s customers were by then being redirected to a blank page, rather than the Zoho portal.

Changing the domain DNS records back helped some users, but many remained unable to access the site due to incorrect IP addresses being cached on some slower-to-update DNS servers.

In the meantime, Zoho is recommending that any users who can’t access the company’s site use either Google or Cloudflare’s free DNS services, servers that have already been updated and are directing users to the correct IP addresses when trying to access Zoho.com.

Revealing more details on Twitter later in the day, Vembu blamed the entire problem on one of TierraNet’s automated abuse report systems.

“Basically an automated system triggered this action and then once a human realized what happened, it was rectified,” he said.

In the meantime, TierraNet’s bungle has reduced the CEO of one of the largest companies in the world to a tech support representative giving out instructions on how to change DNS servers to angry customers on Twitter.

Glorious will be the day when Sundai Pinchar will be helping Google users create subfolders in Gmail.

Related security breach coverage:

READ MORE HERE