Why Radix Registry Suspended Our Domain Name?

by | Last Updated May 13, 2019 | Domains | 1 comment

This story is about a recent incident happened to our domain https://hostmywebsite.online. Our domain got suspended by the domain registry, Radix.

And this suspension caused to bring down almost every domain name hosted by us. 😢

In this post, I will explain what went wrong, and the cause leads to 23+ hours of downtime.

The incident was unfortunate and based on a false positive. 😞

On 10/12/2018 at 3.00 AM, I got a call from my colleague. She told me that since a few hours our domain name loading slower and more often drops in connectivity. That means, the domain loads sometimes and fails to load sometime.

She checked the server resources and found nothing unusual. Though, she even tried to reboot the systems twice. Luckily our reboot process would take less than thirty seconds.

DNS Is Not Resolving at All

In my initial investigation, I found that every DNS query returns with an empty response. A record, NS, MX, everything. Just like the domain doesn’t exist.

And at this stage, I noticed that almost every domain hosted with us is unreachable. Our free drag and drop website builder tool are down. Both WHM and cPanel is not loading.

BigRock is currently the domain name registrar. I have logged in to my domain name registrar’s control panel. However, I couldn’t find anything unusual.

Cloudflare is the DNS Manager, so I then logged in to my Cloudflare Dashboard to check if they do have any resolution issue. Everything seems perfect. And I became clueless.

Since this is bizarre behaviour, I had to seek assistance from the cPanel support team. And after cPanel support team’s investigation, they backed my assumption. The domain is not responding at all. And to fix this issue, I will have to contact the domain name registrar.

I logged back to BigRock’s control panel. I tried to contact their support department. Interestingly, I found that their support system will not accept any new support request during their off-time.

BigRock Support Is Currently Unavailable
BigRock Support Is Currently Unavailable

Curious me tried to reach their Support Number, 0824-6614011. And the IVR system said their support availability time is 09.00 AM to 08.00 PM IST.

That means I will have to wait Six more hours to let them know that I am facing this issue.

Finally, Got Connected With BigRock

I called BigRock and connected one of their knowledgeable agents at 9.30 AM. After his investigation, he said that Radix, the domain name Registry suspended my domain name. And the current status is serverHold.

What Is Server Hold?

Here is the definition of serverHold from Radix’s website.

What Is Server Hold
What Is Server Hold

Okay, but why?

Why Is My Domain Name Under serverHold Status?

Radix’s answer to that question is below.

Why Is My Domain Name Under the Server Hold Status
Why Is My Domain Name Under the Server Hold Status

Why Was I Not Intimidated When Serverhold Was Applied to My Domain?

This question is the question I asked many times to myself when I first see the status of my domain.

And Radix has an answer to the question on their website.

Why Was I Not Intimidated When Server Hold Was Applied to My Domain
Why Was I Not Intimidated When Server Hold Was Applied to My Domain

I again called BigRock to see if they received such emails from Radix. My bad luck, the second agent didn’t even know if my domain name is under suspension.

I explained the agent the current situation and asked if they have received any notification from the Registry about this suspension. The support agent said, No, they don’t have any clue.

I had to disconnect the call and try again after some time so that I could get connected with another support agent.

My third attempt also not so helpful. But I got an email address to check further.

The agent said I would have to send an email to tos@bigrock.com. Ah, sending an email? I know, sending an email will not going to be so helpful. But still, I sent an email to see what will happen.

Email Sent to BigRock Abuse Team
Email Sent to BigRock Abuse Team

How Can I Get the serverHold Removed?

Well, there would be one form which we need to fill and submit to the Radix Abuse team. The form asks basic questions like Name, Email Address and a Message.

I have submitted the form. Again, after one hour, I re-submit the same form, because I was in a hurry.

From their website, I got their Abuse Desk’s email address, abuse@radixregistry.com. I was in a hurry, so I sent an email to this address.

Though I know, that both Radix and BigRock is a typical Indian company and I will never go to get their response at least the first four hours.

But, I was under fire; I started getting calls to my mobile number from my early stage loyal customers who have direct connectivity to my mobile number. Its a relationship with more than six years old.

I know most of the companies are proactive in responding customer’s tweets, so we tweeted to Radix.

Our Tweet to Radix Registry

We Got Our Domain Unsuspended

After waiting more than Six hours, we finally received an update from Radix via Twitter at 3:34 PM.

And at 3:43 PM, an Email from Radix with the updates that I eager to hear. They unsuspended the domain name and disabled the serverHold.

Update From Radix Abuse Team
Update From Radix Abuse Team

Funny that we got another email from Radix at 4:30 PM that tells us how to get this solved.

Reply From Radix Abuse Team
Reply From Radix Abuse Team

And finally, at 8:49 PM from BigRock’s Abuse Mitigation Team, I received a useless email update. That email contains nothing but almost similar words I wrote to them.

Useless Response From BigRock TOS Team
Useless Response From BigRock TOS Team

I believe that the BigRock’s Abuse Mitigation Team replied to my email just for the sake of sending a reply and that too within the same email I saw that my support ticket’s status is Closed.

I am sure that, BigRock’s Abuse Mitigation Team did not even validate my issue. And after a Ten Hours of waiting, I got this pretty useless and who-cares of kind of reply from them.

Anyway, the domain started resolving, and everything came back to online very shortly.

Was My Domain Phishing?

I have many reasons to believe that Radix suspended our domain based on a false positive. We never had a phishing URL.

As a proactive protection measurement, we have Cloudflare, Network and System level Firewall.

Above all, we have ImunifyAV, the leading malware scanning solution installed on our servers. And based on our internal analysis, this tool is the best available defence tool in the market.

I scanned my website to see if somehow we are infected, and as expected the scanning result found nothing.

imunify AV Scan Report
imunify AV Scan Report

In PhishTank, the only website flagged our domain as a Phishing site; the suspected URL is http://hostmywebsite.online/?q=http://hsbc.co.uk.banking-verification.com&cmd=login_submit&id=1.

To get a much more reputable and reliable source’s expert opinion, I have contacted Cloudlinux Support Team. Cloudlinux is the company offer most of the best tools and software for shared hosting industries.

My Mail to imunify AV Team
My Mail to imunify AV Team

And they expressed their thoughts same as I had.

Response From imunify Av Team
Response From imunify Av Team

Since we are using WHMCS, I contacted WHMCS’s Support team to verify the possibilities of such URL parameters and their executables.

My Mail to WHMCS Team
My Mail to WHMCS Team
Response From WHMCS Team
Response From WHMCS Team

WHMCS also confirmed that such URLs would be inexecutable.

I scanned the website with Sucuri and found that only this PhishTank blacklisted us. I don’t know what is the role of ESET here as the link seems a dead link.

Sucuri Site Check Report
Sucuri Site Check Report

Any Other Possibilities?

I haven’t studied how PhishTank’s submission process and their approval takes place. But I guess that might be some desperate competitor of us playing this card against us?

PhishTank Submitter Username
PhishTank Submitter Username

The submitter’s username antiphishyogi looks suspicious.

How Should the Process Have Done?

At Host My Website Online, we hate spammers, online fraudsters, phishing and malware websites and other threats as much as everyone else hates.

Of course, I am not saying that my systems and networks are hackerproof. Such incidents happen, I agree.

But companies like BigRock or Radix should have treated the situation wisely.

Usually, if any threats found on a server or a network, the Service Operator would send out a strict warning to the involved parties. That email would mostly include, specific URLs in question, sometimes ways to solve the problem, and a timeframe to fix it.

This timeframe would be between four hours to twenty-four hours.

But in our case, we have not received any warning from both BigRock or Radix. Even though Radix mentioned on their website that they would send email to the sponsoring Registrar, BigRock says they don’t have any clue.

And even if I have an infected domain name, once I cleared the threats and submitted the review, they should act fast. I am sure that, nobody can’t accept taking Six hours to Ten hours and more to get this reviewed and fixed.

And sadly in my case, only Radix can uplift the suspension.

Especially when I informed them about the severity of this issue, the action should be swift.

Has This First Time Happened in History?

Taking down a domain name by the registry is very rare, but it happens to everyone. And that happened to Zoho Corporation, a multi-million company that owns zoho.com. Two months ago tierra.net suspended zoho.com, and that affected 40 million users worldwide.

Read Update on Zoho Services Disruption.

Issues Beyond Technical

Yes, this issue is not only a technical headache. It is a pain to us when it comes to customer trust.

In this competitive market, we work very hard to acquire and support our customers. Our customer’s online presence is significant to them as well as for us.

For any reason, if their websites and other critical online services like emails are down, it will impact everyone involved.

It will directly impact our reputation, their business and online activities. And their end users also will get affected.

Even if we take every possible measure to prevent, unfortunately, domain names remain a single point of failure in the system.

I can understand that registries may have strict abuse policies, but they also should have quick problem-solving capabilities.

Have you experienced such outages, let’s discuss that through the comments box below.

We engineered our cloud infrastructure with Performance, Speed, Scalability and Security in mind.

That’s why we built Rovity with AWS, CloudLinux OS, DirectAdmin and LiteSpeed Web Server.

Come and experience the next generation of shared hosting on the cloud

By Jafar Muhammed

Jafar Muhammed is an advocate of the open web, an open-source contributor, passionate to bring more people online. He is the CEO of Rovity.

Check Out These Related Posts

How to Clear Your DNS Cache in Windows and Chrome

How to Clear Your DNS Cache in Windows and Chrome

You may hear that to clear the DNS cache many times. Clearing the DNS cache is a troubleshooting tip that helps you to get the latest version of a website. Especially after DNS changes made to the domain name. DNS information answers your browser where to locate a...

read more
Domain Vs Subdomain

Domain Vs Subdomain

When you are searching for a domain name, you will see many different terms. I am sure that all of this can be a little overwhelming when you are just getting started. I understand that all you need to do is launch a website as fast as possible. You will get it very...

read more
What Are the Different Types of Domains?

What Are the Different Types of Domains?

Picking a domain name is crucial for anyone who is creating a new website. You know that; your domain name would be the face of your brand. And You want to raise the chances of your website’s success. For that, you would have to take some time to find a brandable and...

read more


1 Comment
  1. Avatar

    Our domain at Radix was also suspended due to “potentional abuse”. We used the domain as our CDN, holding Javascript and CSS files used in all our websites. The impact was severe. Just like you, it took us a while to understand what was going on. We simply did’t expect a domain to be suspended like that. We contacted Radix, but after 18 hours we haven’t had a response.
    Of course we cannot accept outages like this, so we have moved our CDN to a (hopefully) more reliable domain. Just like you, I don’t exclude the possibility that our domain was involved in some kind of abuse, after all, it was an open CDN, which could be used by anyone, but they could have simply informed us about the abuse and we would have put a stop to it. They didn’t. We still don’t know what the problem is.
    No more Radix domains here.


Submit a Comment

Your email address will not be published. Required fields are marked *