Skip to main content

Unplanned Outage: CommonSpot and ColdFusion Hosting Sites

Last Updated:
2010-12-21 00:00:00
Event:
2010-12-20 00:00:00
Status:
Closed
Brief Description:
CommonSpot Hosting
User Impact:
N/A
Workaround:
There is no workaround for this issue
Current Status:
N/A
Services Affected:
Full Description:
CIT has received reports that users are unable to access some of the CommonSpot and ColdFusion Hosting sites including www.cit.cornell.edu.



Timeline of Changes

Description Current Status Date Time
Follow up: Additional Information Regarding December 20, 2010 CommonSpot and ColdFusion Outage\n \nDuring the afternoon of December 20, 2010, members of the Cornell community reported they were unable to access web sites hosted by CommonSpot and ColdFusion. Users of uPortal.Cornell also may have encountered problems.\n \nCIT initially determined that access issues were because of a Denial-of-Service attack. However, further investigation revealed the problem was associated with a required scan of Cornell systems linked to credit card transactions. Because some campus units use ColdFusion for their shopping carts, the ColdFusion and CommonSpot hosting environments were included in the required scan. See details below.\n \nCornell is required to conduct this scan on a quarterly basis, and CIT will be working to prevent any future disruptions in service.\n \nDetails\nThe Payment Card Industry Data Security Standards include a scanning requirement for web sites that process credit card transactions or that have pre-transaction functionality (like shopping carts). These sites must be scanned on a quarterly basis for security vulnerabilities. Failure to comply with this standard could jeopardize Cornell?s ability to process credit card transactions. Cornell?s Cash Management Office within the University Treasurer Office selected an external vendor to conduct the scan for Cornell. Cornell?s IT Security Office coordinated the scan with the vendor and will also coordinate reporting of results. Questions regarding the vulnerability scan may be emailed to the IT Security Office: security-services@cornell.edu.\n\n Follow up: Additional Information Regarding December 20, 2010 CommonSpot and ColdFusion Outage\n \nDuring the afternoon of December 20, 2010, members of the Cornell community reported they were unable to access web sites hosted by CommonSpot and ColdFusion. Users of uPortal.Cornell also may have encountered problems.\n \nCIT initially determined that access issues were because of a Denial-of-Service attack. However, further investigation revealed the problem was associated with a required scan of Cornell systems linked to credit card transactions. Because some campus units use ColdFusion for their shopping carts, the ColdFusion and CommonSpot hosting environments were included in the required scan. See details below.\n \nCornell is required to conduct this scan on a quarterly basis, and CIT will be working to prevent any future disruptions in service.\n \nDetails\nThe Payment Card Industry Data Security Standards include a scanning requirement for web sites that process credit card transactions or that have pre-transaction functionality (like shopping carts). These sites must be scanned on a quarterly basis for security vulnerabilities. Failure to comply with this standard could jeopardize Cornell?s ability to process credit card transactions. Cornell?s Cash Management Office within the University Treasurer Office selected an external vendor to conduct the scan for Cornell. Cornell?s IT Security Office coordinated the scan with the vendor and will also coordinate reporting of results. Questions regarding the vulnerability scan may be emailed to the IT Security Office: security-services@cornell.edu.\n\n 2010-12-21 00:00:00
We are currently investigating this problem and will notify you with updates on this situation. We are currently investigating this problem and will notify you with updates on this situation. 2010-12-20 00:00:00
Both Services (CommonSpot and Coldfusion) are currently experiencing a Denial-of-service (DOS) attack. A block of these offending addresses is currently being requested. Both Services (CommonSpot and Coldfusion) are currently experiencing a Denial-of-service (DOS) attack. A block of these offending addresses is currently being requested. 2010-12-20 00:00:00
CommonSpot and Coldfusion sites are now back up and responding normally. We will post more details as to the cause and resolution for the outage soon. CommonSpot and Coldfusion sites are now back up and responding normally. We will post more details as to the cause and resolution for the outage soon. 2010-12-20 00:00:00