DDoS attack knocks Atlassian offline


update A distributed denial of service attack against Atlassian’s hosting provider took the company’s software as a service platform down for a few hours this morning, with services returning this afternoon.

On its Twitter account this morning, Atlassian apologised for the outage, noting it was experiencing some “technical difficulties” at its datacentre. The company uses Contegix, which appears to be based in St Louis, in the US state of Missouri. This story was first broken by iTNews.

On its own site, Contegix noted that one of its customers had been undergoing a denial of service attack. It not specify whether that customer was Atlassian, but said that particular customer was the only one “completely impacted” by the attack, with other customers only experiencing intermittent network performance issues.

The attack had halted temporarily, the company wrote, but it had commenced again. “We are currently working with security teams at upstream providers to mitigate and address the issue,” Contegix said. Contegix’s site boasts the company currently has a 100 percent uptime guarantee on its network, in addition to redundant connectivity.

Several hours ago, Atlassian noted on Twitter that everything seemed to be back to normal. In a statement later today, the company’s IT director Glenn Butcher said Atlassian’s distributed code hosting service Bitbucket had been subject to a distributed denial of service attack, which took down the application for almost an hour, with some impact on other Atlassian services and websites.

“Atlassian’s datacentre and network providers have blocked the attack and mitigated the impact to its customers. At the time of writing almost all Bitbucket customers are returned to full service, and efforts are continuing to restore full service for remaining customers,” he said.

“A denial of service is a malicious attack intended to make services unavailable for use. Unfortunately denial of service attacks are common on the Internet, and a rite of passage for any popular service. Atlassian and its providers have defences in place to protect against denial of service attacks which allowed Atlassian to quickly reduce the impact and time of the attack. More updates will be posted on Atlassian’s blog and twitter account as needed.”

Atlassian is headquartered in Australia and focuses on developing software as a service applications primarily aimed at software developers such as its bug and issue tracker service Jira, although it has also built more broadly targeted applications such as Confluence, which provides wiki functionality to customers. The company’s technology is used globally.

It’s not the first time Atlassian has come under attack. In April 2010 the company notified customers that it had detected a security breach on one of its internal systems which could have exposed customer passwords.

Image credit: Bud Adams, royalty free