Elance and oDesk hit by major DDoS attacks, downing services for many freelancers

The freelancer platform Elance has been under a sustained distributed denial-of-service (DDoS) attack for more than a day, making the service unavailable for many users — but apparently not compromising their data. Rival oDesk, with which Elance will soon merge, was also hit by a separate attack.

The Elance episode seems to have been a so-called NTP reflection attack, judging from an Elance tweet referencing a piece I recently wrote about the technique. Such attacks use botnets and badly configured NTP servers — essentially time checks for computers’ clocks — to amplify a small amount of data into a large one that overpowers the targets’ systems.


Mountain View, Calif.-based Elance has over 4 million users (it will roughly double that through its upcoming merger with chief rival oDesk). It’s not clear how many have been affected by the outage, as a company spokeswoman told me only that “some users have not been impacted.”

An oDesk spokeswoman told me that oDesk “experienced a separate short DDoS attack on odesk.com for a few hours last night. The site is up and has been since about 5am PT.”

Elance’s spokeswoman said by email that their attack began at 6am PT on Monday and remains ongoing, albeit sporadically. She didn’t respond to a question about the possible motivation, but she did say Elance had defenses in place to ward off DDoS attacks on its service, and has “since invested in new technology to try to thwart the attackers.”

She added:

“We have a unique community of both businesses and freelancers and we’ve reached out to inform them about the attack and let them know that none of their data was compromised but to expect delays. Both sides of our community have been very responsive and sympathetic.”

This article was updated to include new information on the oDesk attack.