Amazon Web Services Gets DDoS Attack and the Client Waits

An apparent DDoS attack on Amazon Web Services (AWS) over the weekend left a web-hosting code service down for about 20 hours before the problem became resolved. The attack raises questions about how fast Amazon responds to its clients in times of attack and what level of trust customers should place with one cloud service provider.


Bitbucket hosts everything on Amazon EC2. They also use EBS service for storage of everything from their database, logfiles, and user data.

Bitbucket first recognized the attack on Friday night when their network storage became virtually unavailable. According to the detailed account on their blog, the site crawled to a halt.

After the service went down, AWS was contacted. After more than five hours of back and forth about the extent of the issue, the conversation moved to Twitter and you guessed it, that’s when Amazon realized perhaps this might be a bigger problem than they thought.

Some of Bitbucket’s large customers contacted Amazon and the problem climbed up the customer support ladder pretty fast.

Up until this point, Amazon maintained they did not have a problem with the service. That line soon changed as the issue became more severe. By this time senior executives were on the phone, engineering specialists were being called in and Bitbucket had Amazon’s full attention.

Twenty hours later, the service had been restored. But the after effects are still apparent. Jesper Noehr created Bitbucket. He has been tweeting continuously since the problem began. You can tell he is spending a good bit of this time working with customers who are none too happy. Do a search on Twazzup and the complaints about Bitbucket’s problems run down the page.

It’s a trust game to this point in the cloud services world. A lag in diagnosis prevented Bitbucket from getting back online. They took a big hit. Not surprisingly, they are considering other services.

But for customers out there, it’s time to look more deeply at how much faith you put in one cloud services provider.

From The Register:



“The lesson here is: ‘Don’t bet the farm on a single cloud provider,'” says Craig Balding, founder of cloudsecurity.org and a security practitioner at a Fortune 500 company. “It’s common sense really. But people get lulled into thinking they site is always going to be available [when they host with a single provider].”


Facebook Comments