question Escrow.com down?

[Murdock]

Is anyone else having trouble accessing escrow.com? I'm in the middle of two transactions (of which both domains have already been pushed) and poof! It's been a good 14 hours.

Bad Request (Invalid Hostname)

 

[mrjohn]

So, AH, who did you guys piss off? Seems like a pretty sustained attack.

It's pretty clearly not a breach of security and information, because frankly the goal would not be to bring the site down. Quite the opposite, they'd want the site humming along and they'd snoop in the background.

Still . . . seems like a very aggressive attack. What did you guys do? Mention that Manning kid without using the prefix "Saint" before his name?

 

[makingbank]

down for me still - for 2 days now.

 

[Jose Cuervo]

I'm able to access and log in at https://www.escrow.com. But I'm unable to accept a transaction.

Is anybody able to accept transactions?

 

[Andee Hill]

The attack on Escrow.com's bandwidth has been resolved. We appreciate all of our customers patience during this difficult time.

 

[mrjohn]

It's still coming up Invalid Hostname.

I am a bit curious how that is related to Denial of Service. Because, frankly, that's a misconfiguration issue in IIS. If that was caused by an attack, then the attack was more aggressive than just DoS.

 

[Domagon]

Ditto on your sentiments - seems there's more to this story...

Escrow.com SSL certificate was only issued just two days ago (about the same time people started having problems)...

And to make matters worse, escrow.com is only Domain Control validated. The company name and address are NOT validated in the escrow.com SSL certificate. For a well known escrow company, that's very mystifying!

Ron

 

[seven]

The attack on Escrow.com's bandwidth has been resolved. We appreciate all of our customers patience during this difficult time.

and...

 

[mrjohn]

For a well known escrow company, that's very mystifying!

Does anyone else wonder if this wasn't an attack at all?

Nothing has been compromised. I checked my bank account tied to my escrow.com account.

The issue itself just isn't an attack-related issue, to be blunt. I mean, an attacker gaining admin access could do this, but there would be no rational reason to do this.

The SSL misconfigure plus the bad hostname thing plus the fact it has taken forever to resolve scream piss poor admin work to me.

I'm not saying the folks at escrow.com aren't convinced it's an attack. I'm just saying that a lot of this problem, and particularly how long it has dragged on, speaks more to issues of core competency with IIS than anything else. It could be a level of incompetence that compels them to blame evil hacker types because they simply don't know what they don't know.