Atlassian downed by DDoS attack

Summary:A distributed denial-of-service (DDoS) attack against Atlassian's hosting provider took the company's Software-as-a-Service (SaaS) platform down for a few hours this morning, with services returning this afternoon.

A distributed denial-of-service (DDoS) attack against Atlassian's hosting provider took the company's Software-as-a-Service (SaaS) platform down for a few hours this morning, with services returning this afternoon.

Atlassian apologised for the outage on its Twitter account this morning, first noted by ITNews, noting that it was experiencing some "technical difficulties" at its datacentre. The company uses Contegix, which appears to be based in St Louis, in the US state of Missouri.

On its own site, Contegix noted that one of its customers had been undergoing a denial-of-service (DoS) attack. It did not specify whether that customer was Atlassian, but said that this particular customer was the only one "completely impacted" by the attack, with other customers only experiencing intermittent network performance issues.

The attack had halted temporarily, the company wrote, but it had commenced again. "We are currently working with security teams at upstream providers to mitigate and address the issue," Contegix said. Contegix's site boasts that the company currently has a 100 per cent uptime guarantee on its network, in addition to redundant connectivity.

Several hours ago, Atlassian noted on Twitter that everything seemed to be back to normal.

In a statement later today, the company's IT director Glenn Butcher said that Atlassian's distributed code hosting service Bitbucket had been subject to a distributed denial-of-service attack, which took down the application for almost an hour, with some impact on other Atlassian services and websites.

"Atlassian's datacentre and network providers have blocked the attack and mitigated the impact to its customers. At the time of writing, almost all Bitbucket customers are returned to full service, and efforts are continuing to restore full service for remaining customers," he said.

"A denial of service is a malicious attack intended to make services unavailable for use. Unfortunately denial-of-service attacks are common on the internet, and a rite of passage for any popular service. Atlassian and its providers have defences in place to protect against denial-of-service attacks which allowed Atlassian to quickly reduce the impact and time of the attack. More updates will be posted on Atlassian's blog and twitter account as needed."

Atlassian is headquartered in Australia, and focuses on developing Software-as-a-Service applications primarily aimed at software developers, such as its bug and issue tracker service Jira, although it has also built more broadly targeted applications such as Confluence, which provides wiki functionality to customers. The company's technology is used globally.

It's not the first time that Atlassian has come under attack. In April 2010, the company notified customers that it had detected a security breach on one of its internal systems, which could have exposed customer passwords.

Updated at 10:11pm, 6 June 2011: added comment from Atlassian.

Topics: Security, Enterprise 2.0, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.