Twitter’s Own Shortlink System Gets Blacklisted, Renders All Twitter Links Inaccessible
Millions of Twitter users were unable to access hyperlinks in tweets on Sunday evening as the social network’s own short-link system got pulled off the DNS zone for over an hour. The incident, which affected essentially all accounts, sent any click on a tweet hyperlink to an error page claiming that the resource the user was trying to visit was unavailable.
Unlike other social networks, Twitter uses its own link-shortening system, called t.co, to shorten any link a user pastes into a tweet. This not only minimizes the link’s footprint in the diminutive 140-character micro-post, but also makes detecting and blocking malicious URLs much easier straight from Twitter’s infrastructure.
The system was introduced in 2010 and has been working without any significant issues ever since. On Sunday, though, it was inadvertently suspended by the domain registrar Melbourne IT Ltd. following a phishing complaint.
“Yesterday in the process of actioning a phishing complaint, our policy team inadvertently placed the t.co domain on hold. The error was realized and rectified in approximately 40 minutes and t.co links again began working,” stated Tony Smith, a spokesperson for Melbourne IT in a CNET interview.
In simple terms, someone reported Twitter’s t.co domain to the Melbourne IT registrar as hosting a phishing page, and an abuse engineer pulled it off the DNS zone, so that it (and all its links) no longer resolved in the DNS. This procedure is known as ClientHold and allows a registrar to temporarily disable the domain’s resolution to an IP address for a variety of reasons, such as abusive use or delayed payments. While a domain is on ClientHold, its route is not modified, but it is not public either.
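A domain owner can watch for this condition in registration data. The following is an added example, not code from Twitter or Melbourne IT: it reads the status field from WHOIS text or an RDAP domain object and flags hold statuses. It goes slightly beyond the article by also covering serverHold, the registry-side equivalent; the domain `example.test` and all sample records are constructed.

```python
import json
import re

# EPP statuses that take a domain out of the TLD zone, keyed in normalized
# form (lowercase, no separators) and mapped to the party that sets them.
HOLD_STATUSES = {"clienthold": "registrar", "serverhold": "registry"}

# Constructed sample inputs; example.test is a placeholder domain.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientHold https://icann.org/epp#clientHold
Name Server: NS1.EXAMPLE.TEST
"""
SAMPLE_RDAP = json.dumps({
    "ldhName": "example.test",
    "status": ["client transfer prohibited", "server hold"],
})
SAMPLE_RDAP_OK = json.dumps({"ldhName": "example.test", "status": ["active"]})


def _normalize(status):
    """Map 'clientHold' (WHOIS/EPP) and 'client hold' (RDAP) to 'clienthold'."""
    return re.sub(r"[^a-z]", "", status.lower())


def statuses_from_whois(text):
    """Extract status codes from the 'Domain Status:' lines of WHOIS text."""
    found = re.findall(r"^\s*Domain Status:\s*(\S+)", text, re.I | re.M)
    return [_normalize(s) for s in found]


def statuses_from_rdap(doc):
    """Extract status values from an RDAP domain object given as JSON text."""
    return [_normalize(s) for s in json.loads(doc).get("status", [])]


def hold_findings(statuses):
    """Return (status, set_by) for every status that stops DNS resolution."""
    return [(s, HOLD_STATUSES[s]) for s in statuses if s in HOLD_STATUSES]


if __name__ == "__main__":
    samples = {"whois": statuses_from_whois(SAMPLE_WHOIS),
               "rdap": statuses_from_rdap(SAMPLE_RDAP),
               "rdap-ok": statuses_from_rdap(SAMPLE_RDAP_OK)}
    for name, sts in samples.items():
        print(name, hold_findings(sts) or "ok")
```

Run on a schedule against the registration data of production domains, a non-empty result is worth paging on, since the name servers keep answering while the delegation itself is gone.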
Twitter did not comment on the incident and there appear to be no hard feelings between the client and the registrar, but Sunday’s incident once again underlines the importance of not putting all eggs in a single basket, especially when it comes to “real-time” social networking.