Cyber Incident Victim: DreamHost

On August 24, 2017, DreamHost experienced a significant distributed denial-of-service (DDoS) attack targeting its domain name servers, causing widespread connectivity issues for its customers. The attack began after the Los Angeles-based web hosting provider, which hosted over 1.5 million websites, was identified as the host for PunishedStormer—a new domain for the neo-Nazi website Daily Stormer. This followed the Daily Stormer’s expulsion from multiple providers including GoDaddy, Zoho, and Google due to violations of their terms of service, particularly after the site published inflammatory content about Heather Heyer, a victim of the Charlottesville "Unite the Right" rally violence. DreamHost initially reported DNS-related connectivity problems via Twitter, with engineers later confirming a sustained DDoS attack flooding their servers with malicious traffic. The company began mitigation efforts while acknowledging ongoing service disruptions.

The attack disrupted services for numerous DreamHost customers unrelated to the Daily Stormer, prompting public complaints on social media platforms. DreamHost subsequently terminated the Daily Stormer’s account upon discovering it had been created through an automated signup form, violating policies against multiple accounts established to bypass restrictions. The company clarified that the Daily Stormer had previously been removed years earlier for terms-of-service violations and emphasized this new registration was unauthorized. While DreamHost ultimately mitigated the attack, most customers experienced intermittent connectivity issues before full service restoration. Separately, this incident occurred amid a legal dispute where DreamHost challenged a DC court order to provide visitor logs for the anti-Trump protest site Disruptj20.org to the Justice Department, which later narrowed its request after DreamHost argued it was unconstitutional.