Orderful experienced a minor incident on April 11, 2023 affecting Trading Partner Delivery Services, lasting 2h 37m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating Apr 11, 2023, 05:49 PM UTC
Customer are experiencing authentication issues.
- identified Apr 11, 2023, 05:53 PM UTC
Issue has been identified as the result of brute force authentication attempts triggering IP blocking. The security apparatus is protecting user resources as intended but it's blocking is a little overzealous and blocking all IPs attempting to authenticate (both unauthorized and valid). We are modifying network security to more granularly identify malicious IPs without affecting customers. The change is being prepared for deployment. Issue is limited to a subset of FTP users.
- monitoring Apr 11, 2023, 07:16 PM UTC
The fix has been deployed and we are monitoring the results
- resolved Apr 11, 2023, 08:30 PM UTC
It has been approx. 2 hours without a customer authentication block. We are closing this incident. To reiterate, while triggered by unauthorized attacks there is no sign of intrusion and all security components behaved as expected to stop unauthorized access.