JOIN USCloudflare-supported Shopify, GitLab and more suffer outage in India
Just a day ago, digital infrastructure service provider Cloudflare revealed that the company dettected whopping 26 million requests per second (rps) Directed Denial of Service (DDoS) attack on one of its clients last week.
Now, we are seeing reports of Cloudfare clients' websites such as Shopify, GitLab, Discord, SaaS platform OSlash, Flitpay: India's Popular Cryptocurrency Exchange, BookMyShow (for a short duration), and several others in India are suffering HTTP 504 error-based service outage.
"Cloudflare is investigating issues with network performance in the India region. Impacted customers may experience an increase in 5xx errors. We are working to analyse and mitigate this problem. More updates to follow shortly" reads the company's system status dashboard.
On Tuesday (June 14), Cloudflare told the attack probably originated mostly from Cloud Service Providers. The bad actors hijacked virtual machines and powerful servers to generate such a massive attack — as opposed to much weaker Internet of Things (IoT) devices.
Also, threat actors used a powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak.
"To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn’t able to generate more than one million requests per second, i.e. roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers," said Omer Yoachimik, product manager, Cloudflare.
The company also noted that the attacker/team invested in expensive and powerful computation devices to initiate attacks using secured HTTPS routes.
"Within less than 30 seconds, the botnet generated more than 212 million HTTPS requests from over 1,500 networks in 121 countries. The top countries were Indonesia, the United States, Brazil, and Russia. About 3% of the attack came through Tor nodes", noted Yoachimik.
In August 2021, Cloudflare detected 17.2 million requests per second DDoS attacks and was able to mitigate them with its autonomous edge DDoS protection system. In the very same way, the company was able to subdue the last week's attack.
Now, it looks like Cloudfare has its work cut out to bring the online website service to its Indian clients.
Here are some of the reactions on Twitter:
Some of you may be experiencing issues on our website due to Cloudflare network issues.
— ACKO (@ACKOIndia) June 15, 2022
We are working with the Cloudflare team to get this resolved at the earliest.
⚠️⚠️⚠️ #Cloudflare is down in India. And our whole business is just stopped due to that. We somehow rely on software that relies on Cloudflare. @CloudflareHelp @Cloudflare
— Manpreet Singh (@thisismanpreets) June 15, 2022
Any estimated time to fix it? Have you found the issue? @HubSpot @Hostinger We cannot use your service. pic.twitter.com/ZK2IScCekM
@Shopify @ShopifySupport @Cloudflare Seriously guys! - 502 Bad Gateway. Please fix this asap, we're loosing money on campaigns. #shopifydown #cloudflaredown pic.twitter.com/veTA3nrzCC
— miniScript (@iminiscript) June 15, 2022
Update: 10:55 am IST
Cloudflare has revealed that the software release to the core system caused network performance issues in India and a few select regions around the world.
"Earlier today Cloudflare saw an outage across some parts of its network in India, Indonesia, and Eastern Europe. It was not the result of an attack. The root cause of the issue was an increase in resource consumption due to a software release. Cloudflare was working on a fix within minutes, and the network is running normally now," Cloudflare spokesperson said to DH.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.