Feeds

Bots to blame for Amazon.com outages?

New glitches add to intrigue

Providing a secure and efficient Helpdesk

Amazon.com suffered a fresh round of outages on Monday amid speculation that it was under a denial of service attack.

Disruptions hit Amazon's US and UK sites Monday morning California time and lasted for about an hour, according to Keynote Systems, which monitors website performance. People who tried to visit the sites received a message reading: "Http/1.1 Service Unavailable." Amazon's US website experienced similar difficulties that lasted more than two hours on Friday.

Friday's outage coincided with a sustained attack on the Internet Movie Database, a popular site owned by Amazon that uses Amazon IP addresses. At the same time that Amazon's site became unavailable, a single attacker perpetrated a "layer 7" attack on IMDB. It flooded the site with so many requests for images that bandwidth and computing resources weren't able to accommodate legitimate users.

The average rate of the denial-of-service attack was about 3 Mbits/sec, according to this post from a researcher at Narus, which provides real-time traffic intelligence to large network operators.

What's more, shortly after Amazon technicians restored service after Friday's outage, several Register readers reported receiving a new error message that explained they were being blocked from Amazon.com because the requests were suspected to come from a bot or automatic script. Eventually, the problem was corrected.

Taken together, the IMDB attack and the false positives may indicate Amazon was hit by some sort of automatic script that contributed to the outage.

"It is definitely possible that they were undergoing an attack that our probes can't see and they tried to control it by dropping traffic," said Supranamaya Ranjan, a senior member of Narus's technical staff.

In addition to the possibility that miscreants unleashed an attack designed to hobble Amazon's webservers, some people have speculated that the outage was inadvertently caused by bots programmed to scoop up the Metal Gear Solid 4 bundle, an 80-GB pack for the PlayStation3, which went on sale on Amazon on Friday.

Whatever the cause, the outage comes as a pox on the house of Amazon. In addition to being the world's biggest online retailer, it's also trying to convince smaller companies to outsource their mission-critical storage, server and database operations to its Amazon Web Services.

An Amazon spokeswoman declined to discuss the cause of the outages. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.