Doesn't much of Twitter rely on Amazon's web and cloud service?

Twitter by it's very nature appears like one long non-stop DoS attack compared to any other web site.

The problem with twitter having a DoS attack is that everyone and all the automated junk trying to get onto twitter causes the next DDoS attack just trying to use the system while it's already overloaded.

My guess is that this meltdown will take more than a few minutes to mellow out once people start getting twitter pages because everyone will then immediately post something causing yet another DDoS.

At least TV stations can broadcast a test pattern ;)

they could pull the plug for bit, let the dust settle

It's very hit and miss, let me view the home page and BAM! gone again

[edited by: engine at 5:29 pm (utc) on Aug. 6, 2009]
[edit reason] See WebmasterWorld TOS [/edit]

They could pull the plug for bit.

Ya, okay Dr. Kevorkian. :)

Traceroutes to Facebook and Twitter have been hanging on the same name? servers all morning. Whatever is happening, it's not just affecting Twitter.

pageoneresults, it's like the kid who wets his pants in 3rd grade. People never forget. (Superbad reference)

To many people Twitter is like a drug. Watch out for those folks. They could be dangerous during the outage.

Call DHS, there's a terrorist attack on twitter...

Twitter will need to try and find the root cause of the denial-of-service attack, or more importantly build a more robust infrastructure with controls in place to withstand future DoS attacks

Just saw this on my wall. Apparently the problems FB was having at the same time were also related to a DDOS attack.

You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack. We have restored full access for most people. We’ll keep monitoring the situation to make sure you have the reliable experience you expect from us.

Okay, now that most of this appears to be over with, back to business as usual. Us Twits have very short attention spans. We'll have forgotten this whole incident by this time tomorrow as this topic sinks into the WebmasterWorld archives.

Did you hear that Google, Twitter and Facebook are teaming up to locate the source of the DDoS? Yup, a real live man/woman hunt. Someone is going to pay! Maybe.

He won't be hard to find. It'll be some 15 year old script-kiddie from 4chan who'll probably be bragging about it somewhere, if not on 4chan itself.

I remember when Google shut itself down during the Michael Jackson death news thinking that was a DDoS attack.

You'd think by now that major companies would investigate security measures well enough so that one person or a group of similar inputs won't knock down a site.

*** so that one person or a group of similar inputs won't knock down a site. ***

Very little can survive a sudden spike of tens of millions of extra requests per second.

Bang. The whole lot just went off the radar again. Looks like Part II.

Its been intermittent throughout the day.

[Status.Twitter.com...]

Update (4:14p): Site latency has continued to improve, however some web requests continue to fail. This means that some people may be unable to post or follow from the website.

For me, it's a hard fail for web access, client software and API access.

How you twits holdin' up? Pretty rough huh?

I feel for ya...

Twitter, Facebook attack targeted one user [news.cnet.com]

A Georgian blogger with accounts on Twitter, Facebook, LiveJournal and Google's Blogger and YouTube was targeted in a denial of service attack that led to the site-wide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive.

The blogger, who uses the account name "Cyxymu," (the name of a town in the Republic of Georgia) had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNET News.

"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Kelly said.

At this hour Twitter still intermittent.

keyplyr, that's normal for Twitter though

Inexplicable why a CSO of a social network site would hang one of their users out to dry like this, I guess their (facebook) privacy policy is rubbish.

Inexplicable why a CSO of a social network site would hang one of their users out to dry like this, I guess their (facebook) privacy policy is rubbish.

Once what was happening was public, the use of spam was going to mean that the identity of the target (or at least the pseudonym he uses on his blog, which is what Facebook revealed) was going to be easy to work out anyway.

I'm really unimpressed by Twitter's failure to anticipate a DOS Attack and its failure to put in place a system to prevent it from being taken out. I mean, come on, it's 2009!

p/g

not just preventing against DDoS but also large spikes in legit traffic, which are to be expected with social media sites.

DoS attacks are, in some forms, just a matter of who controls more bandwidth. Defending against them is a non-trivial problem.

It appears the attacks are ongoing and changing in nature/intensity...

The Adventure Continues
[Blog.Twitter.com...]

<added>

More information from the Twitter API Team...

Twitter Development Talk - DDoS Status Update
[groups.google.com...]

I'm really unimpressed by Twitter's failure to anticipate a DOS Attack and its failure to put in place a system to prevent it from being taken out. I mean, come on, it's 2009!

Have you ever tried to stop a DOS?

I have, some are simple, some aren't so simple.

When you have the raw amount of customers connecting that Twitter has it can be a challenge to initially sort out the problem connections from the actual users, especially when a botnet is being deployed that can actually use valid twitter member machines to attack the service itself.

After I read what the news claimed happened, I'm surprised they didn't just firewall off a few eastern European countries to slow down their ability to assault the system.

Heck, I finally permanently blocked a few Asian countries due to high volumes of spam, hack attacks and repeated high speed scrapers because eventually the business prospects don't outweigh the danger those areas pose to the server.

I have sites that allow no access outside of Western Europe and North America.

Keeps a lot of junk out. Permanently.