Online sales during this holiday season (November 21st, 2013 – January 6th, 2014) weren’t as miraculously high as retailers were hoping for but still December sales gave a lift to the US economy.

Today (Jan 21, 2014) between 07:00 and 09:00 UTC mainland China was hit by a wave of network issues. A large number of both Chinese and international domains were reporting connection timeouts and were completely unaccessible. The cause for this was that for some reason a large number of domains were resolving to a single IP address - 65.49.2.178. The problem was reported as resolved in most places around 08:50. Due to the DNS caching infrastructure however a lot of users will still be affected until the cached bogus records expire. Users were suggested to use alternative DNS servers like Google's 8.8.8.8. We strongly recommend if you are using a DNS caching server in China to flush it as soon as possible to avoid DNS issues

The news sources in China first blamed it on a DNS poisoning of the root and the gTLD DNS servers. This however is not the case since the networks outside mainland China were not affected at all. Our investigation showed DNS responses from authoritative name servers coming with bogus data when queried from our servers in Beijing, Shangai and Guangzhou.

For example our first notice of the issue was when we requested the A record of static.bbci.co.uk. from ns1.thdow.bbc.co.uk (212.58.240.163), which is one of the authoritative DNS serves for bbc.co.uk, the response was

static.bbci.co.uk.      37621     IN      A 65.49.2.178

instead of  the correct record which is

static.bbci.co.uk.      900     IN      CNAME   static-bbci.bbc.net.uk.

This suggests that the response packet was modified in transit and the most likely culprit is the Golden Shield Project (also known as The Great Firewall of China). A possible reason for the misshap is that instead of blocking the 65.49.2.178 IP address all DNS queries were redirected to this IP. Ironically they actually succeeded blocking the IP by creating a massive DDOS attack from all Chinese users who were making connections to this address while trying to access different sites.

The offending IP 65.49.2.178 has an interesting story itself but I'll just put a few pointers
 - It is owned by Sophidea, Inc. registered on the address 2710 Thomes Ave Suite 884, Cheyenne, WY, 82001, US. Reuters ran a special story about this address a few years ago (www.reuters.com/article/2011/06/28/us-usa-shell-companies-idUSTRE75R20Z20110628)
 - While there is scant information regarding Sophidea, Inc I can see that they are providing hosting services to a large number of companies and the IPs from this range were frequently reported for spam
 - Hosted on the same network range is ultrasurf.us which was created to provide means to bypass the China Firewall and provide anonymous Internet access. Ultrareach Corp - the company which owns UltraSurf is registered on the same postal address in Wyoming above. There was some discussion of the actual value of the services provided by UltraSurf  (blog.torproject.org/blog/ultrasurf-definitive-review) but still their service might have something to do with the Chinese goverment wanting to restrict access to this netblock

 Update Jan 22, 2014

If your business largely depends on your website, you may often need to show its uptime to your customers.

As a WebSitePulse client, you have an option called ‘Stats Publisher’where you set up a public report page that includes the uptime statistics for one or more of your targets. The reports are published on www.MyWebReports.net and can be viewed by everyone, or just by the people whom you give access to.

Monitoring your website is not just a preemptive measure

We all know that companies invest a lot of funds and efforts to build up a good image of its products and services. A rock-solid corporate identity could be a great corner stone for gaining and increasing the public trust of your company’s current and prospective clients. Once you have established a good company name, the main goal of the management is to keep that name clean and safe. And they do it, or at least they try to do it the best they can. 

In Target Groups and User Management, Part 1 we talked about target groups, setting up general groups, and user management settings. Now, we continue with adding new users to your account, securing the account, customizing permissions and a few more extras. 

If you click on the Add New User button,