Chinese site loses domain registrar over DDoS threats

Chinese-language political website boxun.com was forced to move off its US host last week, after attracting a “massive” distributed denial of service (DDoS) attack.

Boxun.com has operated from an office in the US state of North Carolina for 12 years and is inaccessible from behind the Chinese Government’s firewall.

According to the Guardian, the DDoS attack followed several days of reporting on Bo Xilai, a politician who was sacked this year amid accusations that his wife was involved in the death of British businessman Neil Heywood.

Boxun.com founder Watson Meng believed that the attacks were “ordered by China’s security services, but that it was unclear where they were launched from”, the Guardian reported.

The site’s former registrar name.com described the DDoS attack as “one of the largest ones in the company’s history”.

Name.com said it received an email on Thursday morning demanding that it disable boxun.com, or “suffer a DDoS attack as a result”.

“Shortly thereafter, our network operations team was made aware of the fact that our main website and nameservers had come under a massive DDoS attack,” the domain registrar wrote in a blog post.

The attackers sent an additional email during the attack, demanding that name.com “[hand] over the domain to the attackers and [tell] the original owner that it was stolen”, the registrar reported.

“Unfortunately, we did not believe that Name.com could keep both the boxun.com website and the other 1.5 million domains under our management online at the same time, so we requested the domain owner transfer boxun.com to another registrar of their choice,” it said.

In December 2010, domain name provider EveryDNS terminated its agreement with Wikileaks as it came under a sustained DDoS attack after leaking US embassy documents to the media.

At the time, the provider said the attacks on Wikileaks would “threaten the stability” of EveryDNS infrastructure and almost 500,000 customer sites.