What Went Wrong: The Zoho CRM Downtime of 2018
Customer Relationship Management vendor, Zoho went offline after its registrar applied for a suspension order, due to a phishing issue. TierraNet deliberately took down the zoho.com domain as a countermeasure to the high level of phishing violations allegedly coming from the domain. In defense of Zoho, CEO Srid Vembu has posted a lengthy apology open letter in their website. “Before I offer explanations, let me offer you my genuine apology. I run Zoho and as a business owner and CEO can fully understand what it means to not be able to access the software and services that keep your businesses on track and serves your customers. For this, I am truly sorry. I have been at the helm of this situation since it broke many hours ago and will continue to be here until everything is fully resolved,” said by the apologetic Vembu.
Zoho has addressed their customers, especially those having DNS-resolving issues when accessing the zoho.com CRM site. “To all those still experiencing issues, it takes 24-48 for DNS Records to fully propagate around the world. Use https://t.co/Eg1uq6DmLg to search for the subdomain you need, and if you’re using windows, try adding the A record to your host’s file. I’m into Invoice using that way,” twitted by CVJ CyberTangle (using the account @keithgallagher).
In a very lengthy blog, Vembu accounted for what happened in the hours that preceded and succeeded the issue. “Here’s what happened. Our domain name registrar blacklisted (shut down) our domain. (Registrars are independent organizations that manage the reservation of internet domain names. The registrar does not host any Zoho site, they simply register the zoho.com domain name.) The blacklist lasted about an hour before it was restored. This means any incoming services request to Zoho.com cannot get resolved into the proper IP address that can deliver the services (although the service is still up at the specific IP address). The shutdown impacted some, but not all, customers who tried to use any Zoho service. Unfortunately, domain names still remain a single point of failure in the system,” explained Vembu.
Zoho is confident, as the company has not concealed the problem and showed a high level of transparency to its clients, customers, and partners. As part of the solution, they moved the zoho.com domain to Cloudflare to achieve industry-level redundancy using the latter’s proven cloud infrastructure.
TierraNet has justified their call to take down the domain due to Zoho’s alleged irresponsibility of taking action against the phishing issue. “They didn’t, so we had to suspend them. We have been in contact with them and their services should be up in 24-48 hours,” emphasized TierraNet. At the time of this writing the zoho.com domain is up again, but due to the outage, Zoho definitely had lost the trust of some of their key clients.
“Until then we have shared multiple workarounds on our @zoho handle on Twitter (and other Zoho social media sites). Many internet service providers are slow to update their domain name resolution servers (DNS servers) but Google and Cloudflare provide fast-updating DNS servers, and those already have the restored Zoho.com name servers cached in them. This is the essence of the workarounds,” concluded Zoho.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.