A Cloudflare spokesperson told Ars that the cloud services provider saw “a spike in unusual traffic to one of Cloudflare’s services,” which “caused some traffic passing through Cloudflare’s network to experience errors.”

“We do not yet know the cause of the spike in unusual traffic,” the spokesperson said. “We are all hands on deck to make sure all traffic is served without errors. After that, we will turn our attention to investigating the cause of the unusual spike in traffic.”

  • SoftestSapphic@lemmy.worldEnglish
    9·
    7 hours ago

    “You see, half the internet went down because people used our services a little too much.”

    Ok wtf???

    How does cloudflare not have DOS detection?

      • Kazumara@discuss.tchncs.deEnglish
        3·
        36 minutes ago

        The bad config file is somewhere in the middle of the chain of causality.

        They changed database permissions, revealing a dormant bug in a database query, leading to config files being generated badly with duplicate lines, making them too large for intake by the bot detection service, which didn’t have good input validation and made the process panic instead, ruining the service.

  • arsCynic@lemmy.mlEnglish
    121·
    9 hours ago

    Widespread Cloudflare outage blamed on mysterious traffic spike

    Just like my 14-year-old self who “mysteriously” bricked his parents’ PC by totally SFW Web usage.

  • mech@feddit.orgEnglish
    278·
    1 day ago

    Aren’t spikes in unusual traffic the exact thing Cloudflare is supposed to protect you from?

    • oppy1984@lemdro.idEnglish
      111·
      18 hours ago

      Traffic spikes, on the Internet? One in a million chance! Now tow cloudflare outside the environment and call it a day.

    • the_crotch@sh.itjust.worksEnglish
      432·
      1 day ago

      They protected the endpoints. They just weren’t able to route traffic to them. Id bet it takes a MUCH larger ddos to bring cloudflare to its knees vs your average website.

      • mech@feddit.orgEnglish
        312·
        1 day ago

        From a Cloudflare customer’s point of view, I don’t care if my site is down from a DDOS or a Cloudflare outage, but the latter seems to happen more often.

        • NuXCOM_90Percent@lemmy.zipEnglish
          2·
          7 hours ago

          As it stands? Cloudflare is still incredibly effective at protecting customers from those DDOS attacks. Which, depending on your hosting solution, can mean very noticeable monetary savings because YOUR hardware/connection didn’t spike. And, regardless, can mean noticeable monetary savings as your engineers didn’t need to recover a crashed system because your setup was just sitting there idle.

          That said: If you truly need high availability? You need to do what downdetector did and have alternatives ready in the event that Cloudflare falls over. Same as with your ISP… which should be ISPs plural.

        • the_crotch@sh.itjust.worksEnglish
          23·
          1 day ago

          From another cloudflare customer, if our sites still work internally it’s marginally better than them being broken both inside and outside the org as they would be if they were ddosed directly. I guess it depends on what kind of services you’re running.

    • DreamButt@lemmy.worldEnglish
      261·
      1 day ago

      ostensibly sure. But it’s like car insurance. People pay them no matter what so why bother doing what they promised?

    • locahosr443@lemmy.worldEnglish
      8·
      10 hours ago

      Amazon is now saving Americans from the crippling debt most of them seem to get into to drive a shiny box… I wasn’t expecting that.

    • vacuumflower@lemmy.sdf.orgEnglish
      1081·
      1 day ago

      Buying a car is pretty capitalist.

      I’m not envious and I like the thought of some places on the planet having it normal for one family to have few cars, but - in certain places where capitalism has already been disrupted a few times in history, like Moscow, Russia where I, eh, reside, am headquartered, dwell, roam, … - and those places are richer than much of the world, - people would think the guy from the screenshot doesn’t have many reasons to try disrupting it.

    • Tony Bark@pawb.socialOPEnglish
      79·
      1 day ago

      How many times have I told you not to download movies or games in the middle of the day? You’ll tie up the phone lines.

          • k0e3@lemmy.caEnglish
            34·
            1 day ago

            I can’t even explain dial up modems to my son because I’d have to start by explaining what phone lines are.

            • Bluewing@lemmy.worldEnglish
              1·
              9 hours ago

              It wasn’t about the lines. It was always about the switches. And while they are no longer actual hardware, but rather software, those are still the what makes phones work.

          • krooklochurm@lemmy.caEnglish
            141·
            1 day ago

            I think that’s a big part of why I like lemmy.

            There are plenty of tech-savvy critical thinkers in the younger generations, but the naïveté, tech illiteracy, and lack of critical thinking ability of the average internet commenter / poster is appalling.

            I’ve seen it just get worse and worse.

            The internalized self censorship, the laissez faire attitude towards digital privacy, just pure fucking idiocy.

            Wake me up when September ends.

        • curbstickle@anarchist.nexusEnglish
          8·
          24 hours ago

          No longer relevant pro tip - an extra pair was typically left at the incoming service, which was used for testing. It worked as a second line and didn’t interupt the main pair, allowing for a functionally free second phone line (that didnt have incoming service).

          Perfect for modem use!

      • Dharma Curious (he/him)@slrpnk.netEnglish
        16·
        1 day ago

        I had fully forgotten the phrase “you’ll tie up the phone line!” And I just had a nam style flashback of sneaking internet time during the day when my mom was at work, and praying that no one tried to call

      • ooterness@lemmy.worldEnglish
        10·
        1 day ago

        Ten movies streaming across that, that Internet, and what happens to your own personal Internet? I just the other day got… an Internet was sent by my staff at 10 o’clock in the morning on Friday. I got it yesterday. Why? Because it got tangled up with all these things going on the Internet commercially. They want to deliver vast amounts of information over the Internet. And again, the Internet is not something that you just dump something on. It’s not a big truck. It’s a series of tubes. And if you don’t understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it’s going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material.

    • eRac@lemmings.worldEnglish
      1·
      47 minutes ago

      It was actually the system Cloudflare uses to catch and block bots that went haywire.

      They had a fake database you could query that would pull content from a bunch of different shard databases. They updated the config so that systems querying it could see the shards in addition to the main dummy DB. The tool that pulled data out of it assumed that it could only see the dummy, however, so it just asked for everything when it pulled a report to pass to the filtering system.

      The filtering system assumed the report it received would be properly formed and crashed if it got one that was malformed.

  • melroy@kbin.melroy.org
    811·
    1 day ago

    I hope more websites will move away from cloudflare. I could not access 90% of the web anymore. This is insane if just 1 company goes down, the whole internet is dead. The internet is broken!

    • mybuttnolie@sopuli.xyzEnglish
      56·
      1 day ago

      and it’s fucking annoying to check the box to “prove you’re a human” when trying to access almost any site. some days it will make me do it three times before letting me through

      • melroy@kbin.melroy.org
        243·
        1 day ago

        I understand the need for anti-bot or DDoS protection, but there are better and free options today. Like Anubis. So please, in the love of The Internet, move away from cloudflare. Ideally yesterday already.

        Edit: or run your own decent firewall with geo blocks. FireHOL block lists. Intrusion detection.

        Setting up fail2ban. . Etc. Etc.

        • Xylight@lemdro.idEnglish
          5·
          17 hours ago

          Anubis isn’t even comparable to cloudflare. The reason cloudflare is so effective is that they can oversee which IPs are spamming or being abusive to certain websites, and can throw up protections quickly. There are a number of negative implications that come with this, but it’s quite good at its primary job.

          Anubis is just a prompt that wastes CPU cycles and tries to make it more expensive for AI crawlers to do so (since they care a lot about compute costs, of course). There is no bot protection or anything happening. The “making sure you’re not a bot” is quite misleading imo

        • _cryptagion [he/him]@anarchist.nexusEnglish
          16·
          1 day ago

          Anubis is to protect against scraping from LLMs, it has nothing to do with DDoS protection. Not only that, but the Anubis Github repo recommends most people to use Cloudflare instead, since Anubis is the “nuclear” option.

          • melroy@kbin.melroy.org
            4·
            1 day ago

            Well then we are all fked. I recommend then using a good internet connection to host your stuff behind it. I also recommend a good firewall.

            A firewall that can block on geo location. Block on ASN level. And intrusion detection. And also use block lists like FireHOL level 1 to 4.

            Of course configure fail2ban etc.

            Again we really need to come up with alternatives now… I’m sick of how the current internet develops.

      • nyan@lemmy.cafeEnglish
        7·
        1 day ago

        It isn’t just annoying, it often breaks for people on less-popular browsers. Plus, it requires you to run Cloudflare’s Javascript. You think this outage was bad—what do you think would happen if someone slipped them a bit of malware?

      • modular950@lemmy.zipEnglish
        7·
        1 day ago

        next time you’re at bat against one of these, you may try moving less diligently / efficiently to the checkbox. overall, a slowed and less exact approach. I’ve not tested this enough to REALLY say it makes a difference, but in cases where I continually fail, going slower does seem to be the time I finally get through.

        I find the same for the picture puzzles where you select images that match or apply to the posted context or whatever else the mission may be.

  • themurphy@lemmy.mlEnglish
    27·
    1 day ago

    It’s very normal for countries to DDOS each other to test their limits, and if it could be incorporated in an attack.

    And yes, of course the US is also testing this against other nations.

    It could also just be a malfunction or someone acting independently. Who knows.

  • devfuuu@lemmy.worldEnglish
    13·
    1 day ago

    Capitalists: “All lines must go up!” … (Traffic line goes up a little bit) Capitalists: “Not like that!”