1 Comment

Summary:

The Elance denial-of-service attack has been going on for over a day now, though it is now only sporadic. Elance says it has bought in new defences to try cope. Meanwhile oDesk says it got hit by a briefer, separate attack.

hacker computers
photo: Thinkstock

The freelancer platform Elance has been under a sustained distributed denial-of-service (DDoS) attack for more than a day, making the service unavailable for many users — but apparently not compromising their data. Rival oDesk, with which Elance will soon merge, was also hit by a separate attack.

The Elance episode seems to have been a so-called NTP reflection attack, judging from an Elance tweet referencing a piece I recently wrote about the technique. Such attacks use botnets and badly configured NTP servers — essentially time checks for computers’ clocks — to amplify a small amount of data into a large one that overpowers the targets’ systems.

Mountain View, Calif.-based Elance has over 4 million users (it will roughly double that through its upcoming merger with chief rival oDesk). It’s not clear how many have been affected by the outage, as a company spokeswoman told me only that “some users have not been impacted.”

An oDesk spokeswoman told me that oDesk “experienced a separate short DDoS attack on odesk.com for a few hours last night. The site is up and has been since about 5am PT.”

Elance’s spokeswoman said by email that their attack began at 6am PT on Monday and remains ongoing, albeit sporadically. She didn’t respond to a question about the possible motivation, but she did say Elance had defenses in place to ward off DDoS attacks on its service, and has “since invested in new technology to try to thwart the attackers.”

She added:

“We have a unique community of both businesses and freelancers and we’ve reached out to inform them about the attack and let them know that none of their data was compromised but to expect delays. Both sides of our community have been very responsive and sympathetic.”

This article was updated to include new information on the oDesk attack.

You’re subscribed! If you like, you can update your settings

  1. This is critical. I thought they’ve made a more secured platform after both companies have merged last year. I wonder if this will ever happen again, it’s quite a big issue then.

    Anyway, since there is no perfect system in the planet, we always expect to hear these issues even in the future. I know both sites can fix this problem and hopefully they can prevent as they are the leading companies in the “work from home” industry followed by some reputable sites like Freelancer and Staff.com.

Comments have been disabled for this post