\n<\/p>\n
Cloudflare wrongly suspected that the widespread outage that took numerous websites offline<\/a> on November 18 was caused by a DDoS attack, the company\u2019s CEO has admitted. In his blog post<\/a> that breaks down what happened, however, Matthew Prince explained that after realizing their mistake, his team was able to fix the issue. \u201cThe issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind,\u201d he wrote. It was instead caused by a change to its database systems\u2019 permissions, which led to an issue with a file used by its Bot Management system.<\/p>\n The company\u2019s Bot Management system uses a machine learning model to score bots for every request they make when they crawl Cloudflare\u2019s network. Its clients rely on those bot scores to decide whether to allow or to block specific bots from accessing their websites. One the uses of having bot scores is being able to block AI companies\u2019 bots so they can\u2019t use a website\u2019s content to train their LLMs. In July, Cloudflare launched an experiment called \u201cpay per crawl,<\/a>\u201d which allows website owners to let an AI bot crawl their pages if they get paid for access.<\/p>\n Prince said the model relies on a \u201cfeature\u201d configuration file to make a prediction on whether a bot request was automated or not. The feature file is refreshed every few minutes, and a change in the underlying mechanism generating that file caused a change in its size that triggered the error. \u201cAs a result, HTTP 5xx error codes were returned by the core proxy system that handles traffic processing for our customers, for any traffic that depended on the bots module,\u201d Prince wrote.<\/p>\n This recent event has been Cloudflare\u2019s worst outage in years. The company said it hasn\u2019t had an outage that has \u201ccaused the majority of core traffic to stop flowing through [its] network\u201d since 2019. Prince apologized for the issue on behalf of his team.<\/p>\n<\/div>\n