Thousands of websites were taken offline over the weekend, after web services provider CloudFlare suffered a router crash that took its entire network down.
The company first acknowledged the issue on Sunday morning, California time, stating "we're experencing (sic) a network-wide issue. Looking into the root cause," on Twitter.
CloudFlare promises to "protect and accelerate" websites.
"Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimise the delivery of your web pages so your visitors get the fastest page load times and best performance," the company claims on its website.
"We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks," it adds.
However, an attempt by the company to thwart a Distributed Denial of Service (DDoS) attack resulted in it accidentally crashing its routers, taking all its clients' websites offline.
The company noticed packets between 99,971 and 99,985 long attempting to access customers' DNS servers, which it took as an indication of a DDoS attack. Therefore it wrote a rule to drop the packets, which inadvertently caused all the routers that received it to crash.
In a blog post explaining the outage, CloudFlare said: "Flowspec accepted the rule and relayed it to our edge network. What should have happened is that no packet should have matched that rule because no packet was actually that large. What happened instead is that the routers encountered the rule and then proceeded to consume all their RAM until they crashed."
The manner in which the crashes happened prevented the routers from automatically rebooting, the company added.
The company has said accounts covered by SLAs will get credits and it is still investigating what caused the routers to crash.
-
UK crime fighters wrangle “several thousand” potential cyber criminals in DDoS-for-hire honeypotNews The sting follows a recent crackdown on DDoS-for-hire services globally
-
US begins seizure of 48 DDoS-for-hire services following global investigationNews Six people have been arrested who allegedly oversaw computer attacks launched using booters
-
Will triple extortion ransomware truly take off?In-depth Operators are now launching attacks with three extortion layers, but there are limitations to this model
-
GoDaddy web hosting reviewReviews GoDaddy web hosting is backed by competitive prices and a beginner-friendly dashboard, and while popular, beware of hidden prices
-
Japan investigates potential Russian Killnet cyber attacksNews The hacker group has said it’s revolting against the country’s militarism and that it’s “kicking the samurai”
-
LockBit hacking group to be 'more aggressive' after falling victim to large-scale DDoS attackNews The ransomware group is currently embroiled in a battle after it leaked data belonging to cyber security company Entrust
-
Record for the largest ever HTTPS DDoS attack smashed once againNews The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS
-
Cloudflare unveils new One Partner Program with zero trust at its coreNews Cloudflare CEO Matthew Prince says the initiative aims to take the complexity out of zero trust architecture
