Cloudflare is a CDN (Content Delivery Network) and Web security provider for websites. It also manages the DNS (Domain Name System) of many websites in the world. Today Cloudflare server went down for almost 25 minutes. As a result, many websites on the internet were totally inaccessible.
Many major sites like Flightradar, Down Detector, Discord, DigitalOcean are also experiencing this outrage because DNS is maintained by Cloudflare. It’s very ironical as people can’t access Downdetecter which is used by millions to check the status of websites and other online services, including Cloudflare, was knocked out. So users couldn’t even check with DownDetector to see why the host was down.
Cloudflare’s CEO, Matthew Price in a tweet stated “Aware of major @Cloudflare issues impacting us network-wide. The team is working on getting to the bottom of what’s going on. Will continue to update.”
According to the Cloudflare a sudden usage spike in CPU that caused primary and secondary systems to fall over. Cloudflare shut down the system to mitigate the issue. In a phone call with Gizmodo, CEO Matthew Prince said that a bug in firewall caused the CPU spikes and they are very confident that it was not a directed-denial-of-service attack (DDoS).
Europe and the East Coast of the United States were the most affected by the outage since it occurred during business hours in those regions. Cloudflare’s London network operations centre first notices the spikes in CPU usage due to firewall service. The first thought it was an attack as the firewall is designed to scale up to mitigate such situations. But after investigation, they didn’t find any malicious traffic or evidence.
Prince also said, “Today’s outage was 100 percent in our control and 100 percent our responsibility. We’re reaching out to all our customers to honor our responsibilities to them. It’s important for people to know it’s a mistake on our part. While it would be convenient for this to be a nation-state or another attacker, this one was our fault.”