DDoS takes Atlassian offline

Jun 6, 2011 12:41 PM
Filed under Security

Denial of service hampers popular hosted software service.

Customers of Sydney-based software start-up Atlassian were unable to connect to their SaaS-delivered services this morning due to a distributed denial-of-service attack.

At 10am this morning, customers reported network timeouts to engineers at Atlassian’s St Louis-based hosting partner, Contegix.

An hour later, Atlassian apologised to customers on its Twitter feed.

“Apologies for the current outage.. we are experiencing some technical difficulties at our data centre,” Atlassian staff tweeted.

Just before 3.40pm, the company revealed that the attack was levelled at its distributed code hosting service, Bitbucket.

It described denial of service attacks as a "rite of passage for any popular service", explaining that existing defences allowed Atlassian and its providers to "quickly reduce the impact and time of the attack".

"Today, Atlassian's distributed code hosting service Bitbucket was subject to a distributed denial of service attack, taking down Bitbucket for almost an hour, with some impact on other Atlassian services and websites," the company stated.

"Atlassian's datacentre and network providers have blocked the attack and mitigated the impact to its customers. At the time of writing almost all Bitbucket customers are returned to full service, and efforts are continuing to restore full service for remaining customers."

Atlassian customers include Deutche Bank, NBN Co, Microsoft, Adobe, Cochlear, BMW, HSBC, Suncorp, Boeing, the BBC, Telstra, News Interactive and Australia's Department of Broadband (DBCDE).

Contegix confirmed at 11:30am that one of its customers had been targeted in a denial of service attack, which took out one provider and provided “some intermittent network performance issues for other customers.”

The company did not identify any particular customer as the target of the attack.

The attack resumed 15 minutes later. Contegix said the problem was isolated to the attack target by 11:40am and said it was working with upstream providers to block the DDoS traffic.

All Atlassian sites beyond its home page remained offline until around 12:45pm.

The company referred customers to the Contegix status page for service updates.

Atlassian was also attacked in mid-2010, exposing customer data.

Updated at 4.10pm to include Atlassian's comments about Bitbucket.

1 comment in this discussion

"Love these guys - their stuff's great and they can do no wrong. Same with Amazon EC2 - they had their Easter bad hair day, but those clients who were most inconvenienced were Amazon's strongest ..."

By Lloyd

Tags

ddos, atlassian, distributed denial of service, security

Further security flaws found in Java Runtime Environment

Largest Bitcoin exchange under fresh DoS attack

Security flaw in Juniper's JunOS can be used to crash routers

Anonymous member convicted for Paypal DDoS

Breaking Stories

Telstra opposes 700 MHz for emergency 4G network

AusPost, NAB combine on Agile project

Aussie IT workers threatened by skilled migrants: survey

Transfield wins new NBN contracts

G8 countries sign up to Open Data Charter

Readers of this article also read...

Comments: 1

Lloyd

Jun 6, 2011 4:22 PM

Love these guys - their stuff's great and they can do no wrong. Same with Amazon EC2 - they had their Easter bad hair day, but those clients who were most inconvenienced were Amazon's strongest supporters. But I do believe it's time to provide an IP address profile to immediately block DDoS attacks across the internet - if an IP address that is not on a white list creates more than a limited number of hits in a few minutes, then it is given a random break between 5 and 15 minutes. Maybe the people who ran the DDoS attack on Atlassian targeted the company who could build such a profile ... what about it guys?

Comments have been disabled for this article.

Ads by Google