Industry News

Twitter’s Own Shortlink System Gets Blacklisted, Renders All Twitter Links Inaccessible

Millions of Twitter users were unable to access hyperlinks in tweets on Sunday evening as the social network’s own short-link system got pulled off the DNS zone for over an hour. The incident, which basically affected all accounts, led any click on the tweet hyperlinks to an error page claiming that the resource the user tries to visit was unavailable.

Unlike other social networks, Twitter uses their own link shortening system called to shorten any link pasted by the user in the tweet. This not only minimizes the link’s footprint in the diminutive 140-character micro-post, but also makes detection and blocking malicious URLs much easier straight from Twitter’s infrastructure.

The system was introduced in 2010 and has been working without any significant issues ever since. On Sunday though, it got inadvertently suspended by the domain registrar Melbourne IT LDT. following a phishing complaint.

Yesterday in the process of actioning a phishing complaint, our policy team inadvertently placed the domain on hold. The error was realized and rectified in approximately 40 minutes and links again began working,” stated Tony Smith, a spokesperson for Melbourne IT in a CNET interview.

In simple terms, someone reported Twitter’s domain as hosting a phishing page to the Melbourne IT registrar and an abuse engineer just pulled it off the DNS zone, making it (and all its links) not resolve in the DNS system. This procedure is known as ClientHold and allows a registrar to temporarily disable the domain’s resolution to an IP address for a variety of reasons such as abusive use or delayed payments. During the time the domain is put on ClientHold, its route is not modified, but it is not public either.

Twitter did not comment on the incident and there appears to be no hard feelings between the client and the registrar, but Sunday’s incident once again outlines the importance of not putting all eggs in a single basket especially when it comes to “real-time” social networking.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

1 Comment

Click here to post a comment
  • this is bad new. The Sunday evening, I can’t access with my account at tweet, I don’t know what the happened ? And I thank this post, I understand this problem, now.