Free Speech and DDOS Attacks received a DDOS attack Thursday morning that took down our homepage and much of our site.  Several news agencies have since inquired as to what exactly happened and at least one article has been written about this event: Cyber attack cripples U.S. website covering Bo Xilai scandal.  To answer those questions we put together a statement for the press and are posting on our blog to give our customers…. the rest of the story:

In the early morning of Thursday, April 19th, we received a demand letter via email instructing us to disable the domain or we would suffer a DDoS attack as a result. Shortly thereafter, our network operations team was made aware of the fact that our main website and nameservers had come under a massive DDoS attack, later to be determined one of the largest ones in the company’s history.

We immediately reached out to our customer, the domain owner of, and explained the situation. We discussed with them what options were available that were in the best interest of both parties. Unfortunately, we did not believe that could keep both the website and the other 1.5 million domains under our management online at the same time, so we requested the domain owner transfer to another registrar of their choice. During the attack received an additional demand email that stated that unless we handed over the domain to the attackers and told the original owner that it was stolen, the attackers would continue the DDoS attack of our website and nameservers. At this point we helped the customer transfer the domain to another registrar as quickly as possible.

Strong arm tactics such as this hurt the free exchange of ideas that the internet is meant to enable. supports free speech and has been a strong supporter of both the anti-SOPA/PIPA movement and the Electronic Frontier Foundation. We find it regrettable that free speech is not yet a universal right.  We hope to support in the future.

(Please direct any media queries or additional questions to

Get the latest discounts delivered straight to your inbox.

  • Stephanie Murray

    Thanks for being open with us and keeping us up to date. The whole situation is really quite sad: Good luck to Boxun.

  • Nyr

    Honestly, I would not feel comfortable using a registrar that will force me to go elsewhere if they are coherced by a third party with an attack like this.
    If you are providing mission critical services to many individuals, you should have the infrastructure to mitigate a pretty large DDoS attack.

    Anyway, thanks for being open about this.

    • Adrian Ratnapala

      I don’t think that’s the right way to read this situation. is available right now, which they might not have been if they had stayed with, as I see the story, has refused to comply with the threat, has helped the website stay available and has sent the message to attackers and publishers alike that DDOSing a name registrar will get you nowhere.  

      Good on ‘em.

      • Nyr

        I don’t know why might not be available right now if had not yielded to the threats. Even if the registrar experienced downtime while mitigating the attacks, could be up and running the whole time.

  • Matthew Prince

    If we can be of any help in the future, please let us know.

    Matthew Prince
    CEO, CloudFlare, Inc.

  • vonskippy

    Way to go, selling out now, and setting yourself up for endless blackmail schemes in the future.

    Anyone with even half a brain would be jumping your sinking ship now.

    Apparently your “support” is nothing but the standard company bs line of lip service.

    What proud little rabbits you must be.

  • Thomas Gullen

    “At this point we helped the customer transfer the domain to another registrar” When you helped them transfer this domain (to 1&1), did you make the new registrar aware of the burden you were giving them?

  • Encyclopedia Dramatica

    You shouldn’t have made them move, that was a dick move on your part. Have you informed the new registrar of the situation or are you just glad to have dumped them onto someone else? I am transferring my domains to Namecheap and I will never, ever recommend your services to anyone ever again.

    • Dave Zan

      If informed the new registrar of the situation, then the new registrar said no thanks, what other option would have by then? 

      This situation is indeed unacceptable yet unfortunate. Just remember, though, that didn’t cause this, and any registrar (and I mean any) would’ve done something similar (if not the same thing) if they felt they couldn’t afford to hold off a similarly-massive DDoS attack on account of one customer’s domain name.

    • Kay Tee

        So you guys kicked off a customer because of DDOS attack? Seriously? You dumped the problem on another registrar.

  • flam999

    A Chinese DDoS ain’t nothing to fu** with, as they say.
    Sucks to get caught up in this situation. 
    And the comments here who think you could have just magically solved the DDoS issue in a better way have no idea what they’re talking about.  This was the fastest, easiest, and cheapest way to save both you and  DDoSer can keep playing cat and mouse if he wants.


    So you guys kicked off a customer because of DDOS attack? Seriously? You dumped the problem on another registrar.

  • sözlük iletişim

    This is horroible and very sad to hear. So this means if my websites get ddos one day, you will kick me as well. I will start to move m domains to another registrar right away.

    • Dave Zan

      If the new registrar does something similar to this for a similar event, what then?

  • BogenDorpher

    Thats horrible news, hopefully you guys are able to counteract this type of attack in the future

  • Utomo Prawiro

    Internet Giant including Google, Facebook, Yahoo, Redhat, Cisco and others need to find solutions to DDOS attack.

    We need a better internet, which more fault proof to attack. 

  • Serban Ghiuta

    Build better hosting. One for all, all for one. What you guys did is inexcusable. Probably going to move.

    • Dave Zan

      No, it’s not excusable. I doubt anyone wanted to give any excuses to begin with, though I wonder if you’d appreciate your provider being at least being forthright.

      Of course, that depends on what you feel is important to you. Good luck on whatever you decide.

      • Serban Ghiuta

        I am satisfied as a customer, but this is unacceptable. What is to happen if one of my sites gets DDOSed? Also, stop beeing a fanboy.

        • Dave Zan

          Is being a so-called fanboy that upsetting to you, even though I have no intention of being or portraying one? While I can criticize like some folks have already, I just happen not to see any reason to do so now since I’ve been similarly in their shoes in a previous life.

          Regrettably no one can say for sure what happened to might…might…happen to you as well. Take note, though, that both and got attacked even though the latter’s web site was hosted elsewhere.

          What happened to was a rare, worst-case scenario that, unfortunately, can also happen with any other registrar. Just depends how much resources they can afford to defend against such, yet not necessarily compromise their other customers if it can be helped.

          Sadly, there are no easy answers to this. At least, no easy, satisfying answers.

          Good luck.

        • jaredatname

          Someone somewhere in here said that maybe transparency isn’t the best policy. For business, it probably isn’t. But we’re here for the customer. We’ve all worked places where issues like this DDOS go unreported–crisis meetings are held to find out how to best gloss it over. We won’t do that. As for this case, the website owner is, unfortunately, used to moving and these massive attacks. It’s happened before but now, with this transparency, maybe we can help move along the technology and infrastructure to stop them, as well as motivate treaties that keep websites safe from international attacks. 


     Domain is still at 1&1 and hasn’t moved. It just proves that
    1&1 has better resources and doesn’t comply with threats from
    Chinese hackers. isn’t reliable anymore. used “Strong arm tactics” to force boxun away from them.


    • Dave Zan

      The problem here is even if remained with while using someone else to host their web site, the perpetrators already know where’s server is and likely would’ve continued attacking. If anything, 1&1 does have more resources than and can probably…probably…afford to hold off similar DDoS attacks, though hopefully won’t ever encounter issues countless ex-1&1 customers have.

      It’s understandable you feel that way, considering that not too many people are aware (much more care, probably) how things are like on the registrar’s side of the fence. I somewhat do from a previous life, having partly handled customers also suffering from similar DDoS attacks.

      This isn’t meant to give so-called excuses even if some people see it that way. I’m just giving certain operating realities not many people seem to realize.

      BTW, if you’re not using, you might as well let this one go as well. Life’s too short worrying about things beyond our control.

  • Guest


  • Jacob Haug

    Really?  Your solution was to have them transfer their domain to another provider?  Maybe I should transfer all my domains to another provider as well.  I would be ashamed if I were you!

  • Rebecca Johnson

    Omg, people are so dramatic sometimes. Leaving because of jerks who DDoS websites. People should be angry at the attackers, not the victims of the attack. is a business. ANY business would have done this. not only protected their business but it also gave a fighting chance to keep theirs up.

    —— “We discussed with them what options were available that were in
    the best interest of both parties.” ——

    It’s clear did not just go and tell the customer to take a hike. They discussed options that would benefit both themselves and the customer.

    ——- “Unfortunately, we did not believe
    that could keep both the website and the other 1.5
    million domains under our management online at the same time, so we
    requested the domain owner transfer to another registrar of
    their choice.” ——

    Pretty much sacrificed the site to keep OUR domains available. I’m sorry, but I give them mad props for being so optimistic about the situation and sacrificing a site to keep MINE up. Selfish? Possibly, but in the long run, I’d like a registrar whose gonna talk to me first before cutting me off from their services. If I was in’s situation I would also agree to move to another registrar that may avoid the attacks all together.

    And also, there is no indication that the other registrar doesn’t know about’s situation. They probably have the means to avoid the attack and that is why they took the domain. I’m pretty sure this attack news has reached the new registrar’s eye’s since they keep updated about these kinds of things IF didn’t ‘inform’ them like people automatically assume.